A security-oriented program transformation is similar to a refactoring, but it is not intended to preserve behavior. Instead, it improves the security of systems: it preserves the expected behavior but changes a system's response to security attacks. This demo presents a tool for the Explicit Type Enforcement transformation, which adds proper typecasts to integer variables. The tool is built using Eclipse CDT and applies to C programs. Preliminary results show that it is very effective in fixing integer-related vulnerabilities. Power tools such as these can improve developer productivity and produce vulnerability-free software.