A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Filters
IntFlow
2014
Proceedings of the 30th Annual Computer Security Applications Conference on - ACSAC '14
Preserved Fulltext
As a step towards addressing this issue, we present Int-Flow, an accurate arithmetic error detection tool that combines static information flow tracking and dynamic program analysis. ...
We evaluated IntFlow using the SPEC benchmarks and a series of real-world applications, and measured its effectiveness in detecting arithmetic error vulnerabilities and reducing false positives. ...
Any opinions, findings, conclusions, or recommendations expressed herein are those of the authors, and do not necessarily reflect those of the US Government, DARPA, the Air Force, or Intel. ...
doi:10.1145/2664243.2664282
dblp:conf/acsac/PomonisPJPK14
fatcat:pj5jwjyddjgw7eszoukm4j6c7i
Improving the Accuracy of Integer Signedness Error Detection Using Data Flow Analysis
2015
Proceedings of the 27th International Conference on Software Engineering and Knowledge Engineering
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
Experimental results show that SignFlow successfully detected all harmful integer signedness bugs and achieved a reduction of 41% in false positives over IntFlow, the state-of-the-art signedness error ...
Despite of the significant advances in automating the detection of integer signedness errors, accurately differentiating exploitable and harmful signedness errors from unharmful ones still remains an open ...
Limitations We propose to improve the accuracy of integer signedness error detection using the data flow characteristics. ...
doi:10.18293/seke2015-123
dblp:conf/seke/SunSWZ15
fatcat:l2txl7de2bf3fajjasysr36xaa
Improving the Accuracy of Integer Signedness Error Detection Using Data Flow Analysis
2015
International journal of software engineering and knowledge engineering
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
Experimental results show that SignFlow successfully detected all harmful integer signedness bugs and achieved a reduction of 41% in false positives over IntFlow, the state-of-the-art signedness error ...
Despite of the significant advances in automating the detection of integer signedness errors, accurately differentiating exploitable and harmful signedness errors from unharmful ones still remains an open ...
Limitations We propose to improve the accuracy of integer signedness error detection using the data flow characteristics. ...
doi:10.1142/s0218194015400331
fatcat:it5eijmpf5bh5jxxmzw3oneiby
On Efficiency and Accuracy of Data Flow Tracking Systems
2017
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Data Flow Tracking (DFT) is a technique broadly used in a variety of security applications such as attack detection, privacy leak detection, and policy enforcement. ...
The first optimization approach extracts DFT tracking logics and abstracts them using TFA. ...
Our prototype, IntFlow, uses information flow tracking to reason the severity of arithmetic errors by analyzing the information flows related to them. ...
doi:10.7916/d8mg7p9d
fatcat:mof2c5wdwrbcpjwogdpuqpirbi
Practical Integer Overflow Prevention
[article]
2017
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Other Versions
Specifically, given the source code of a program, IntGuard first discovers the location of an integer overflow error by using static source code analysis and satisfiability modulo theories (SMT) solving ...
IntGuard then generates integer multi-precision code repairs based on modular manipulation of SMT constraints as well as an extensible set of customizable code repair patterns. ...
Most of the successfully used tools for error detection in the industry (i.e., at Google) are mainly based on fuzzers. ...
arXiv:1710.03720v9
fatcat:mjtnitnqmbbmlgoswdersm4xju
KUBO: Precise and Scalable Detection of User-triggerable Undefined Behavior Bugs in OS Kernel
2021
Proceedings 2021 Network and Distributed System Security Symposium
unpublished
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
KUBO's false detection rate is merely 27.5%, which is significantly lower than that of the state-of-the-art kernel UB detectors (91%). ...
KUBO is focused on detecting critical UB that can be triggered by userspace input. The high precision comes from KUBO's verification of the satisfiability of the UB-triggering paths and conditions. ...
We record this range, as it can improve the accuracy of the later symbolic solving. The call graph is generated by [42] , [24] . ...
doi:10.14722/ndss.2021.24461
fatcat:2sr4erl5lrhzzg2vcadheoug2q