Garbage collection in an uncooperative environment
Software—Practice & Experience
Adding run-time checking to the portable C compiler
Software—Practice & Experience
Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Software caching and computation migration in Olden
PPOPP '95 Proceedings of the fifth ACM SIGPLAN symposium on Principles and practice of parallel programming
Low-cost, concurrent checking of pointer and array accesses in C programs
Software—Practice & Experience
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
Symbolic bounds analysis of pointers, array indices, and accessed memory regions
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Debugging via Run-Time Type Checking
FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Type-Assisted Dynamic Buffer Overflow Detection
Proceedings of the 11th USENIX Security Symposium
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
RAD: A Compile-Time Solution to Buffer Overflow Attacks
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
Protecting C programs from attacks via invalid pointer dereferences
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Buffer overrun detection using linear programming and static analysis
Proceedings of the 10th ACM conference on Computer and communications security
Statically detecting likely buffer overflow vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
FormatGuard: automatic protection from printf format string vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
TIED, LibsafePlus: tools for runtime buffer overflow protection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Transparent run-time defense against stack smashing attacks
ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Fail-safe ANSI-C compiler: an approach to making C programs secure
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Fast and automated generation of attack signatures: a basis for building self-protecting servers
Proceedings of the 12th ACM conference on Computer and communications security
DieHard: probabilistic memory safety for unsafe languages
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Backwards-compatible array bounds checking for C with very low overhead
Proceedings of the 28th international conference on Software engineering
Exterminator: automatically correcting memory errors with high probability
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Efficient techniques for comprehensive protection from memory error exploits
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Effective memory protection using dynamic tainting
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Hardbound: architectural support for spatial safety of the C programming language
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Archipelago: trading address space for reliability and security
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Instruction-level countermeasures against stack-based buffer overflow attacks
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
SoftBound: highly compatible and complete spatial memory safety for c
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Backward-compatible constant-time exception-protected memory
Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
PAriCheck: an efficient pointer arithmetic checker for C programs
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
CETS: compiler enforced temporal safety for C
Proceedings of the 2010 international symposium on Memory management
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Architectural support for low overhead detection of memory violations
Proceedings of the Conference on Design, Automation and Test in Europe
Cling: A memory allocator to mitigate dangling pointers
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Efficient protection against heap-based buffer overflows without resorting to magic
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
Proceedings of the Tenth International Symposium on Code Generation and Optimization
Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Watchdog: hardware for safe and secure manual memory management and full memory safety
Proceedings of the 39th Annual International Symposium on Computer Architecture
MemSafe: ensuring the spatial and temporal memory safety of C at runtime
Software—Practice & Experience
Improving Memory Management Security for C and C++
International Journal of Secure Software Engineering
CPM: Masking Code Pointers to Prevent Code Injection Attacks
ACM Transactions on Information and System Security (TISSEC)
Ironclad C++: a library-augmented type-safe subset of c++
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
WatchdogLite: Hardware-Accelerated Compiler-Based Pointer Checking
Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization
| Hi-index | 0.00 |
Memory-related errors, such as buffer overflows and dangling pointers, remain one of the principal reasons for failures of C programs. As a result, a number of recent research efforts have focused on the problem of dynamic detection of memory errors in C programs. However, existing approaches suffer from one or more of the following problems: inability to detect all memory errors (e.g., Purify), requiring non-trivial modifications to existing C programs (e.g., Cyclone), changing the memory management model of C to use garbage collection (e.g., CCured), and excessive performance overheads. In this paper, we present a new approach that addresses these problems. Our approach operates via source code transformation and combines efficient data-structures with simple, localized optimizations to obtain good performance.