19,276 Hits in 5.0 sec

Improving software security with a C pointer analysis

Dzintars Avots, Michael Dalton, V. Benjamin Livshits, Monica S. Lam
2005 Proceedings of the 27th international conference on Software engineering - ICSE '05  
This paper presents a context-sensitive, inclusion-based, field-sensitive points-to analysis for C and uses the analysis to detect and prevent security vulnerabilities in programs.  ...  This paper uses the proposed pointer alias analyses to infer the types of variables in C programs and shows that most C variables are used in a manner consistent with their declared types.  ...  This paper explores the use of more advanced pointer alias analysis to create practical tools for improving software security.  ... 
doi:10.1145/1062455.1062520 dblp:conf/icse/AvotsDLL05 fatcat:sovay67qjfdmzkhtj54ccpuvxi

Improved Security Evaluation of the Software by using PSSS based Security Analyzer

Surkhab Shelly, Anil Kumar
2014 International Journal of Computer Applications  
The most important objective of PSSS security process is to improve the effectiveness of software security projects.  ...  The overall objective of this paper is to evaluate the security analysis of the given software and return a security report which allows programmers to take certain action based upon the outcomes.  ...  SDL can be characterized as follows [7] :  Security as a supporting quality: The primary goal of SDL is to increase the quality of functionality driven software by improving its security posture.  ... 
doi:10.5120/17354-7855 fatcat:csxfgjnz4bfj7ltnir2irqbwti

Automated Use-After-Free Detection and Exploit Mitigation: How Far Have We Gone

Binfa Gui, Wei Song, Hailong Xiong, Jeff Huang
2021 IEEE Transactions on Software Engineering  
software security, and software engineering.  ...  reduction: A pointer-analysis-based static approach for detecting [24] C. Cadar, D. Dunbar, D. R.  ... 
doi:10.1109/tse.2021.3121994 fatcat:35opzmr2gbg67mnftjkdedm7y4

Towards Patching Memory Leak Bugs in Off-The-Shelf Software

Domenico Cotroneo, Roberto Natella
2014 2014 IEEE International Symposium on Software Reliability Engineering Workshops  
Future work will implement this approach in a prototype, and validate it on real memory leaks found in complex software.  ...  Nevertheless, it is still difficult to deal with bugs located in OTS software, since developers lack the source code and/or knowledge about their internals to fix these bugs.  ...  Second-Write [20] is a binary rewriting tool aimed at retrofitting security checks in binary COTS software.  ... 
doi:10.1109/issrew.2014.44 dblp:conf/issre/CotroneoN14 fatcat:6igeq33vgjhc5a4q4znu2wevrm

Uprooting Software Defects at the Source

Seth Hallem, David Park, Dawson Engler
2003 Queue  
For example, to determine if violations of property 3 are amenable to source code analysis, we might start with a known security hole.  ...  At statement D, the analysis recognizes an illegal de-reference of a pointer with value 0, and an error is reported.  ... 
doi:10.1145/966712.966722 fatcat:mb4ypsvrxbgfzdbzmhvgmiqnm4

Architectural support for safe software execution on embedded processors

Divya Arora, Anand Raghunathan, Srivaths Ravi, Niraj K. Jha
2006 Proceedings of the 4th international conference on Hardware/software codesign and system synthesis - CODES+ISSS '06  
The lack of memory safety in many popular programming languages, including C and C++, has been a cause for great concern in the realm of software reliability, verification, and more recently, system security  ...  Our approach is completely automated, and applicable to any C program, making it a promising and practical approach for addressing the growing security and reliability concerns in embedded software.  ...  The security risks faced by unsafe C software have inspired many countermeasures aimed at preventing buffer overflows.  ... 
doi:10.1145/1176254.1176281 dblp:conf/codes/AroraRRJ06 fatcat:o6vwhg4gprg3zdtpajzjyp7esm

Protecting C programs from attacks via invalid pointer dereferences

Suan Hsi Yong, Susan Horwitz
2003 Proceedings of the 9th European software engineering conference held jointly with 10th ACM SIGSOFT international symposium on Foundations of software engineering - ESEC/FSE '03  
This paper describes the design and implementation of a security tool for C programs that addresses all these issues: it has a low runtime overhead, does not require source code modification by the programmer  ...  The tool uses static analysis to identify potentially dangerous pointer dereferences, and memory locations that are legitimate targets of these pointers.  ...  We thank George Necula for help with CCured, and the anonymous reviewers for their useful suggestions.  ... 
doi:10.1145/940071.940113 dblp:conf/sigsoft/YongH03 fatcat:qlzir2on3nbdtmxsf4ntssvlci

The MISRA C Coding Standard and its Role in the Development and Analysis of Safety- and Security-Critical Embedded Software [chapter]

Roberto Bagnara, Abramo Bagnara, Patricia M. Hill
2018 Lecture Notes in Computer Science  
MISRA C is a coding standard defining a subset of the C language, initially targeted at the automotive sector, but now adopted across all industry sectors that develop C software in safety-and/or security-critical  ...  We also outline the role of static analysis in the automatic checking of compliance with respect to MISRA C, and the role of the MISRA C language subset in enabling a wider application of formal methods  ...  We are grateful to the following people who helped in proofreading the paper and provided useful comments and advice: Fulvio Baccaglini (PRQA -a Perforce Company, MISRA C Working Group), Dave Banham (Rolls-Royce  ... 
doi:10.1007/978-3-319-99725-4_2 fatcat:6phmdyfq4bde7lvwdch5q2aizm

Automation for creating and configuring security manifests for hardware containers

Eugen Leontie, Gedare Bloom, Rahul Simha
2011 2011 4th Symposium on Configuration Analytics and Automation (SAFECONFIG)  
A hardware reference monitor enforces a security manifest of memory access permissions for the currently executing component.  ...  In this paper we discuss how automation tools can help software developers to create the security manifest that configures hardware containers.  ...  Software developers can use security annotations to denote the expected ranges and permissions for memory that such pointers should access.  ... 
doi:10.1109/safeconfig.2011.6111677 dblp:conf/safeconfig/LeontieBS11 fatcat:6jmxj7ghnbhfznplzr3g6mqjxe

Protecting the stack with PACed canaries

Hans Liljestrand, Zaheer Gauhar, Thomas Nyman, Jan-Erik Ekberg, N. Asokan
2019 Proceedings of the 4th Workshop on System Software for Trusted Execution - SysTEX '19  
Instead, security must be supported from the ground up, starting with the tools used to build software.  ...  A randomly assigned modifier-or a nonce-would require the modifier to be securely tracked or otherwise associated with the correct pointer.  ... 
doi:10.1145/3342559.3365336 dblp:conf/sosp/LiljestrandGNEA19 fatcat:nrvxdisehbau7kd3ojbkuhtxeu

Clang and Coccinelle: Synergising program analysis tools for CERT C Secure Coding Standard certification

Mads Chr. Olesen, Rene Rydhof Hansen, Julia L. Lawall, Nicolas Palix
2010 Electronic Communications of the EASST  
with the aim of making C programs (more) secure.  ...  e.g., the CERT C Secure Coding standard or the MISRA (the Motor Industry Software Reliability Assocation) C standard.  ...  In an effort to improve the quality of security critical C programs, the US CERT 1 organisation is maintaining and developing a set of rules and recommendations, called the CERT C Secure Coding Standard  ... 
doi:10.14279/tuj.eceasst.33.455 dblp:journals/eceasst/OlesenHLP10 fatcat:xmjadtfl4jhyhc2xevgaambiz4

Hardware/software optimization for array & pointer boundary checking against buffer overflow attacks

Zili Shao, Jiannong Cao, Keith C.C. Chan, Chun Xue, Edwin H.-M. Sha
2006 Journal of Parallel and Distributed Computing  
Gurindar, Efficient detection of all pointer and array access errors, in: In this paper, we propose a hardware/software method to optimize the performance of array & pointer boundary checking by designing  ...  a special boundary checking instruction.  ...  In [14, 13] , we propose a hardware/software codesign method with special secure instructions to defend against buffer overflow attacks.  ... 
doi:10.1016/j.jpdc.2006.04.010 fatcat:o2l2a3hsprddtkazchsdzwxu7y

Automatically Detect Software Security Vulnerabilities Based on Natural Language Processing Techniques and Machine Learning Algorithms

Do Xuan Cho, Vu Ngoc Son, Duong Duc
2022 Journal of ICT Research and Applications  
In order to improve the ability to accurately detect software security vulnerabilities, this study proposes a new approach based on a technique of analyzing and standardizing software code and the random  ...  ; ii) behavior analysis-based detection using classification algorithms, i.e., methods based on analyzing the software code.  ...  Refs. [27] [28] [29] [30] [31] proposed methods combining deep learning with graph analysis for the task of detecting software security vulnerabilities using C, C++, Java, etc. 3 The Method for Detecting  ... 
doi:10.5614/itbj.ict.res.appl.2022.16.1.5 fatcat:5u235bxcerhm5cezwc3tzdedca

System Programming in Rust

Abhiram Balasubramanian, Marek S. Baranowski, Anton Burtsev, Aurojit Panda, Zvonimir Rakamari, Leonid Ryzhyk
2017 ACM SIGOPS Operating Systems Review  
Rust is a new system programming language that offers a practical and safe alternative to C.  ...  We show three examples of such capabilities: zero-copy software fault isolation, efficient static information flow analysis, and automatic checkpointing.  ...  Even worse, pervasive use of pointer aliasing, pointer arithmetic, and unsafe type casts keeps modern systems beyond the reach of software verification tools. Why are we still using C?  ... 
doi:10.1145/3139645.3139660 fatcat:h2brz34d7fgrzalvbjqy2a7mse

The Vulnerability Analysis Of Java Bytecode Based On Points-To Dataflow

Tang Hong, Zhang Lufeng, Chen Hua, Zhang Jianbo
2009 Zenodo  
It can be used as an assistant tool for security analysis of Java bytecode from unknown softwares which will be used as extern LIBs.  ...  So a novel method to check the bugs in Java bytecode based on points-to dataflow analysis is in need, which is different to the common analysis techniques base on the vulnerability pattern check.  ...  The following subsections describe the improved pointed-to dataflow analysis. A.  ... 
doi:10.5281/zenodo.1082355 fatcat:flwiigcfqvhqzg5smpvnwlho5q
« Previous Showing results 1 — 15 out of 19,276 results