HOPL-II The second ACM SIGPLAN conference on History of programming languages
Dynamic native optimization of interpreters
Proceedings of the 2003 workshop on Interpreters, virtual machines and emulators
Acceptability-oriented computing
OOPSLA '03 Companion of the 18th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Data structure repair using goal-directed reasoning
Proceedings of the 27th international conference on Software engineering
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Efficient, transparent, and comprehensive runtime code manipulation
Efficient, transparent, and comprehensive runtime code manipulation
Exploring the acceptability envelope
OOPSLA '05 Companion to the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Valgrind: a framework for heavyweight dynamic binary instrumentation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
A security oriented program transformation to "add on" policies to prevent injection attacks
Proceedings of the 2nd Workshop on Refactoring Tools
Improving perimeter security with security-oriented program transformations
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
Automatically identifying critical input regions and code in applications
Proceedings of the 19th international symposium on Software testing and analysis
Obtaining and reasoning about good enough software
Proceedings of the 49th Annual Design Automation Conference
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Proceedings of the 34th International Conference on Software Engineering
Sound input filter generation for integer overflow errors
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Hi-index | 0.00 |
A comfort zone is a tested region of a system's input space within which it has been observed to behave acceptably. To keep systems operating within their comfort zones, we advocate the interposition of rectifiers between systems and their input sources. Rectifiers are designed to transform inputs to ensure that they are within the comfort zone before they are presented to the system. Rectifiers enforce a highly constrained input format and, if necessary, discard information to force inputs to conform to this format. Potential benefits of this approach include the elimination of errors and vulnerabilities, the excision of undesirable excess functionality from large, complex systems, and a simplification of the computing environment. We have developed a rectifier for email messages and used this rectifier to force messages into a specific constrained form. Our results show that this rectifier can successfully produce messages that keep the Pine email client strictly within code previously confirmed (during a small testing and training session) to function acceptably. Our results also show that the rectifier completely eliminates a security vulnerability in the Pine email client. And finally, the rectifier is able to accomplish these goals while still preserving an acceptable amount of information from the original messages.