Improperly bounded program inputs present a major class of program defects. In secure applications, these bugs can be exploited by malicious users, allowing them to overwrite buffers and execute harmful code. In this paper, we present a high-coverage dynamic technique for detecting software faults caused by improperly bounded program inputs. Our approach is novel in that it retains the advantages of dynamic bug detection, scope and precision, while at the same time relaxing the requirement that the user specify the input that exposes the bug. To implement our approach, inputs are shadowed by additional state that characterizes the allowed bounds of input-derived variables. Program operations and decision points may alter the shadowed state associated with input variables. Potentially hazardous program sites, such as array references and string functions, are checked against the entire range of values that the user might specify. The approach found several bugs, including two high-risk security bugs in a recent version of OpenSSH.