POPL '90 Proceedings of the 17th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dynamic typing in a statically typed language
ACM Transactions on Programming Languages and Systems (TOPLAS)
PLDI '91 Proceedings of the ACM SIGPLAN 1991 conference on Programming language design and implementation
Global tagging optimization by type inference
LFP '92 Proceedings of the 1992 ACM conference on LISP and functional programming
A practical approach to type inference for EuLisp
Lisp and Symbolic Computation
Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Olden: parallelizing programs with dynamic data structures on distributed-memory machines
Olden: parallelizing programs with dynamic data structures on distributed-memory machines
A practical soft type system for scheme
ACM Transactions on Programming Languages and Systems (TOPLAS)
Low-cost, concurrent checking of pointer and array accesses in C programs
Software—Practice & Experience
Dynamic typing as staged type inference
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Aggregate structure identification and its application to program analysis
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound polymorphic type system for a dialect of C
Science of Computer Programming - Special issue on the 6th European symposium on programming
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Proceedings of the 1999 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Debugging via Run-Time Type Checking
FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Protecting C programs from attacks via invalid pointer dereferences
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Buffer overrun detection using linear programming and static analysis
Proceedings of the 10th ACM conference on Computer and communications security
iWatcher: Efficient Architectural Support for Software Debugging
Proceedings of the 31st annual international symposium on Computer architecture
Testing static analysis tools using exploitable buffer overflows from open source code
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
An efficient and backwards-compatible transformation to ensure memory safety of C programs
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Identifying opportunities for automatic remote field cloning
CASCON '04 Proceedings of the 2004 conference of the Centre for Advanced Studies on Collaborative research
AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-Based Invariants
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Improving the reliability of commodity operating systems
ACM Transactions on Computer Systems (TOCS)
Memory safety without garbage collection for embedded applications
ACM Transactions on Embedded Computing Systems (TECS)
Efficient and flexible architectural support for dynamic monitoring
ACM Transactions on Architecture and Code Optimization (TACO)
TraceBack: first fault diagnosis by reconstruction of distributed control flow
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
CCured: type-safe retrofitting of legacy software
ACM Transactions on Programming Languages and Systems (TOPLAS)
Segment protection for embedded systems using run-time checks
Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems
Mondrix: memory isolation for linux using mondriaan memory protection
Proceedings of the twentieth ACM symposium on Operating systems principles
Rx: treating bugs as allergies---a safe method to survive software failures
Proceedings of the twentieth ACM symposium on Operating systems principles
Preventing format-string attacks via automatic and efficient dynamic checking
Proceedings of the 12th ACM conference on Computer and communications security
CP-Miner: Finding Copy-Paste and Related Bugs in Large-Scale Software Code
IEEE Transactions on Software Engineering
Quantified types in an imperative language
ACM Transactions on Programming Languages and Systems (TOPLAS)
Artemis: practical runtime monitoring of applications for execution anomalies
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Modular checking for buffer overflows in the large
Proceedings of the 28th international conference on Software engineering
Proceedings of the 2006 workshop on Programming languages and analysis for security
Architectural support for safe software execution on embedded processors
CODES+ISSS '06 Proceedings of the 4th international conference on Hardware/software codesign and system synthesis
Thirty years is long enough: getting beyond C
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
CP-Miner: a tool for finding copy-paste and related bugs in operating system code
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Enhancing server availability and security through failure-oblivious computing
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Evaluating SFI for a CISC architecture
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Sweeper: a lightweight end-to-end system for defending against fast worms
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Rx: Treating bugs as allergies—a safe method to survive software failures
ACM Transactions on Computer Systems (TOCS)
Forma: A framework for safe automatic array reshaping
ACM Transactions on Programming Languages and Systems (TOPLAS)
Jeannie: granting java native interface developers their wishes
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Automated detection of persistent kernel control-flow attacks
Proceedings of the 14th ACM conference on Computer and communications security
A theory of platform-dependent low-level software
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Samurai: protecting critical data in unsafe languages
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
DMTracker: finding bugs in large-scale parallel programs by detecting anomaly in data movements
Proceedings of the 2007 ACM/IEEE conference on Supercomputing
A Scalable Memory Model for Low-Level Code
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Implementation of the memory-safe full ANSI-C compiler
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Backward-compatible constant-time exception-protected memory
Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Automatically patching errors in deployed software
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
PAriCheck: an efficient pointer arithmetic checker for C programs
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Statistically regulating program behavior via mainstream computing
Proceedings of the 8th annual IEEE/ACM international symposium on Code generation and optimization
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
Decaf: moving device drivers to a modern language
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
FlowChecker: Detecting Bugs in MPI Libraries via Message Flow Checking
Proceedings of the 2010 ACM/IEEE International Conference for High Performance Computing, Networking, Storage and Analysis
Efficient dynamic program monitoring on multi-core systems
Journal of Systems Architecture: the EUROMICRO Journal
Inferring data polymorphism in systems code
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Defining code-injection attacks
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Checking memory safety with blast
FASE'05 Proceedings of the 8th international conference, held as part of the joint European Conference on Theory and Practice of Software conference on Fundamental Approaches to Software Engineering
Data slicing: separating the heap into independent regions
CC'05 Proceedings of the 14th international conference on Compiler Construction
The potential of sampling for dynamic analysis
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
An expressive aspect language for system applications with arachne
Transactions on Aspect-Oriented Software Development I
Body armor for binaries: preventing buffer overflows without recompilation
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
Improving Memory Management Security for C and C++
International Journal of Secure Software Engineering
Software verification and graph similarity for automated evaluation of students' assignments
Information and Software Technology
CPM: Masking Code Pointers to Prevent Code Injection Attacks
ACM Transactions on Information and System Security (TISSEC)
QEMU/CPC: static analysis and CPS conversion for safe, portable, and efficient coroutines
Proceedings of the ACM SIGPLAN 2014 Workshop on Partial Evaluation and Program Manipulation
| Hi-index | 0.00 |
CCured is a program transformation system that adds memory safety guarantees to C programs by verifying statically that memory errors cannot occur and by inserting run-time checks where static verification is insufficient.This paper addresses major usability issues in a previous version of CCured, in which many type casts required the use of pointers whose representation was expensive and incompatible with precompiled libraries. We have extended the CCured type inference algorithm to recognize and verify statically a large number of type casts; this goal is achieved by using physical subtyping and pointers with run-time type information to allow parametric and subtype polymorphism. In addition, we present a new instrumentation scheme that splits CCured's metadata into a separate data structure whose shape mirrors that of the original user data. This scheme allows instrumented programs to invoke external functions directly on the program's data without the use of a wrapper function.With these extensions we were able to use CCured on real-world security-critical network daemons and to produce instrumented versions without memory-safety vulnerabilities.