Filters








7,686 Hits in 5.1 sec

Automated Memory Corruption Detection through Analysis of Static Variables and Dynamic Memory Usage

Jihyun Park, Byoungju Choi, Yeonhee Kim
2021 Electronics  
The data we used for memory defect analysis were (1) information of static global variables (data, address, size) derived through the analysis of executable binary files, and (2) dynamic memory usage information  ...  This study presents a method for the real-time detection of memory defects in software based on data obtained through static and dynamic analysis.  ...  We proposed an automated method of detecting memory corruption by analyzing static variables and dynamic memory usage.  ... 
doi:10.3390/electronics10172127 fatcat:bilmpar2pjew5jocfx3cb3rxri

Dynamic Analysis of ARINC 653 RTOS with LLVM [article]

Vitaly Cheptsov, Alexey Khoroshilov
2021 arXiv   pre-print
Dynamic instrumentation and static analysis are common practices used to automatically find software defects, from strictly non-conforming code constructions to memory corruptions or invalid control flow  ...  In this paper we discuss the specifics of airborne systems with regards to dynamic instrumentation and provide practical considerations to be taken into account for the effective use of general-purpose  ...  Dynamic instrumentation and static analysis are common practices used to automatically find software defects, from strictly non-conforming code constructions to memory corruptions or invalid control flow  ... 
arXiv:2106.01766v1 fatcat:57riyknta5chxp667plmfskcvm

A JVM for soft-error-prone embedded systems

Isabella Stilkerich, Michael Strotz, Christoph Erhardt, Martin Hoffmann, Daniel Lohmann, Fabian Scheler, Wolfgang Schröder-Preikschat
2013 SIGPLAN notices  
An automated application of fault-detection and fault-tolerance measures based on the type system of the programming language and static code analyses is possible.  ...  As a result, the employment of fault-detection and fault-tolerance measures is becoming a mandatory task even for moderately critical applications.  ...  Since CDj allocates temporary objects and uses collection classes of the Java library, it normally requires the use of dynamic memory management.  ... 
doi:10.1145/2499369.2465571 fatcat:6ftidvp7tzh6plphezx2wxgxxa

A JVM for soft-error-prone embedded systems

Isabella Stilkerich, Michael Strotz, Christoph Erhardt, Martin Hoffmann, Daniel Lohmann, Fabian Scheler, Wolfgang Schröder-Preikschat
2013 Proceedings of the 14th ACM SIGPLAN/SIGBED conference on Languages, compilers and tools for embedded systems - LCTES '13  
An automated application of fault-detection and fault-tolerance measures based on the type system of the programming language and static code analyses is possible.  ...  As a result, the employment of fault-detection and fault-tolerance measures is becoming a mandatory task even for moderately critical applications.  ...  Since CDj allocates temporary objects and uses collection classes of the Java library, it normally requires the use of dynamic memory management.  ... 
doi:10.1145/2491899.2465571 fatcat:iyceoh2l35c5zi7hsqwwiquy4e

The dynamics of changing dynamic memory allocation in a large-scale C++ application

Neil B. Harrison, John H. Meiners
2006 Companion to the 21st ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications - OOPSLA '06  
Misuse of dynamic memory has been detected and errors caused by memory misuse have been avoided. Performance of the new memory management code has been as good or better as the previous code.  ...  Additional capabilities such as audits have been added to further increase the robustness of dynamic memory usage.  ...  Crashes are notoriously difficult to diagnose, but it became clear that they were associated with memory corruption; specifically improper use of dynamic memory.  ... 
doi:10.1145/1176617.1176736 dblp:conf/oopsla/HarrisonM06 fatcat:lvocpuw5efa4bljimzfc6kph4i

SafeStack $$^+$$ : Enhanced Dual Stack to Combat Data-Flow Hijacking [chapter]

Yan Lin, Xiaoxiao Tang, Debin Gao
2017 Lecture Notes in Computer Science  
SafeStack + locates data flow sensitive variables on the unsafe stack that could potentially affect evaluation of branching conditions, and adds canaries of random sizes and values to them to detect malicious  ...  We implement SafeStack + as a plug-in on LLVM 3.8 and perform extensive experiments to justify a lazy checking mechanism that adds on average 3.0% of runtime and 5.3% of memory overhead on top of SafeStack  ...  Memory Usage Overhead Note that the memory usage overhead is proportional to the number of sensitive variables statically found in the program and not dynamically related to the specific workload.  ... 
doi:10.1007/978-3-319-59870-3_6 fatcat:luwehvktyzbsvczp6z454y7uve

A Static Code and Dynamic Data Attestation based Intrusion Detection System for Wireless Sensor Networks

Neelam ASurti, Devesh C Jinwala
2015 International Journal of Computer Applications  
We believe that an integrated approach that uses both the static and dynamic code attestation techniques can leverage the effectiveness of an intrusion detection system.  ...  As we demonstrate using our experimental simulation studies, with the marginal increase in memory and computational overhead, our approach ensures improved overall security.  ...  Result Analysis Memory required in terms of RAM and ROM usage in bytes and energy consumption in joules are considered for static code attestation, dynamic data attestation and combined algorithms.  ... 
doi:10.5120/21167-4234 fatcat:q2vu4sy4vrgodi3ulzqe7b44qi

Static vulnerability detection in Java service-oriented components

François Goichon, Guillaume Salagnac, Pierre Parrend, Stéphane Frénot
2012 Journal in Computer Virology and Hacking Techniques  
We use static analysis to remain as exhaustive as possible and to avoid the need for non-standard or intrusive environments.  ...  Extensible component-based platforms allow dynamic discovery, installation and execution of components.  ...  and complete reviews and the whole Amazones team for providing us a convivial and productive working environment.  ... 
doi:10.1007/s11416-012-0172-1 fatcat:thj6bkm4hzhg5jonyo2ulb6r2a

Defending against Buffer-Overflow Vulnerabilities

Bindu Padmanabhuni, Hee Beng Kuan Tan
2011 Computer  
Combined static and dynamic code analysis Other solutions use both static and dynamic analysis to detect buffer-overflow vulnerabilities.  ...  The Pasan prototype instruments source code to record information about the size of static and dynamically allocated buffers and to produce a memory update log. 18 It uses RAD to detect buffer-overflow  ... 
doi:10.1109/mc.2011.229 fatcat:6ntjeve76nfm5dpvrdrastrcae

A Smart Fuzzer for x86 Executables

Andrea Lanzi, Lorenzo Martignoni, Mattia Monga, Roberto Paleari
2007 Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007)  
In other words, the search is driven by a mix of static and dynamic analysis in order to lead the execution path to selected corner cases that are the most likely to expose vulnerabilities, thus improving  ...  While conventional fuzzing uses random input to discover crash conditions, smart fuzzing restricts the input space by using a preliminary static analysis of the program, then refined by monitoring each  ...  Acknowledgments We would like to thank the anonymous reviewers for their useful suggestions and comments on this paper.  ... 
doi:10.1109/sess.2007.1 dblp:conf/icse/LanziMMP07 fatcat:62z5ozk63jcf5mcow3erv5vwbu

PACSafe: Leveraging ARM Pointer Authentication for Memory Safety in C/C++ [article]

Konrad Hohentanner, Philipp Zieris, Julian Horsch
2022 arXiv   pre-print
Memory safety bugs remain in the top ranks of security vulnerabilities, even after decades of research on their detection and prevention.  ...  PACSafe uses pointer signatures to retrofit full memory safety to C/C++ programs, protecting heap, stack, and globals against temporal and spatial vulnerabilities.  ...  ., in form of stack allocations for local variables at the beginning of functions. Usage. While a memory region is allocated, it can be used, i.e., written or read, through pointers.  ... 
arXiv:2202.08669v1 fatcat:5uwgzoahebg55mi7prrmnfhk6q

An Enhanced Algorithm for Memory Systematic Faults Detection in Multicore Architectures Suitable for Mixed-Critical Automotive Applications

Abdullah El-Bayoumi
2020 International Journal of Safety and Security Engineering  
The proposed safety mechanisms have been investigated and evaluated for Aurix Tri-core and Renesas RH850 targets with lots of suggestions to have a fully compliant architecture with principles and methods  ...  Software applications run with different criticality such as: scheduling, sharing computation, concurrent resource sharing, memory inter-core communication, communication delays, communication links, and  ...  ACKNOWLEDGMENT The work presented here has been partially carried out for the framework of autonomous driving applications architectures, which are supported by the Research and Development Center of Valeo  ... 
doi:10.18280/ijsse.100405 fatcat:l7lethnjn5fdjosjnygfaer5gu

Improving software security via runtime instruction-level taint checking

Jingfei Kong, Cliff C. Zou, Huiyang Zhou
2006 Proceedings of the 1st workshop on Architectural and system support for improving software dependability - ASID '06  
We also demonstrate effective usages of our architecture to detect buffer overflow and format string attacks.  ...  Current taint checking architectures monitor tainted data usage mainly with control transfer instructions. An alarm is raised once the program counter becomes tainted.  ...  Heap corruption. Heap data structure for dynamic memory allocation contains user data and heap management data.  ... 
doi:10.1145/1181309.1181313 dblp:conf/asplos/KongZZ06 fatcat:wrw7fhtonba23igu4t3ii6vzrq

Applications of computational intelligence for static software checking against memory corruption vulnerabilities

Marcos Alvares, Tshilidzi Marwala, Fernando Buarque de Lima Neto
2013 2013 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)  
This paper shows that computational intelligence techniques can successfully uncover several arithmetic and memory manipulation vulnerabilities.  ...  Critical services like water supply, energy and transportation are controlled by computational systems. These systems must be reliable and constantly audited against software and hardware failures.  ...  Results show us that the proposed method can efficiently analyse and find memory corruption vulnerabilities.  ... 
doi:10.1109/cicybs.2013.6597207 dblp:conf/cics/JuniorMN13 fatcat:wa2mhpgvinawtjahpkp6acrm3u

3rd Party Geolocation Messaging: A Positioning Enabler Middleware for Realizing Context-Aware Polling

Mohamed Salem, Bersant Deva
2013 2013 International Conference on MOBILe Wireless MiddleWARE, Operating Systems, and Applications  
Measurements demonstrate that the virtual machine achieves good performance and memory usage for realistic Insense programs.  ...  A split VM architecture is used, in which Insense programs are compiled to Java classes, then linked and compacted on a more powerful machine into a form suitable for execution by the VM.  ...  Memory Usage The static memory usage of Insense programs has been examined in Section IV. Insense programs also allocate memory dynamically from the heap.  ... 
doi:10.1109/mobilware.2013.10 dblp:conf/mobilware/CameronHS13 fatcat:pnt2uz6wxvdo3mibqjoipq2rm4
« Previous Showing results 1 — 15 out of 7,686 results