Home

About

Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network
FAQHELPSITE MAPCONTACT US


  Advanced Search  

 
Improperly bounded program inputs present a major class of program defects. In secure applications, these bugs can
 

Summary: Abstract
Improperly bounded program inputs present a major class
of program defects. In secure applications, these bugs can
be exploited by malicious users, allowing them to overwrite
buffers and execute harmful code. In this paper, we present
a high coverage dynamic technique for detecting software
faults caused by improperly bounded program inputs. Our
approach is novel in that it retains the advantages of
dynamic bug detection, scope and precision; while at the
same time, relaxing the requirement that the user specify
the input that exposes the bug. To implement our approach,
inputs are shadowed by additional state that characterize
the allowed bounds of input-derived variables. Program
operations and decision points may alter the shadowed
state associated with input variables. Potentially hazardous
program sites, such as an array references and string func-
tions, are checked against the entire range of values that
the user might specify. The approach found several bugs
including two high-risk security bugs in a recent version of
OpenSSH.

  

Source: Austin, Todd M. - Department of Electrical Engineering and Computer Science, University of Michigan

 

Collections: Engineering; Computer Technologies and Information Sciences