Formally-Based black-box monitoring of security protocols
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
A systematic review of software robustness
Information and Software Technology
| Hi-index | 0.00 |
COTS components, like software libraries, can be used to reduce the development effort. Unfortunately, many COTS components have been developed without a focus on robust- ness and security. We propose a novel approach to harden software libraries to improve their robustness and security. Our approach is automated, general and extensible and consists of the following stages. First, we use a static anal- ysis to prepare and guide the following fault injection. In the dynamic analysis stage, fault injection experiments exe- cute the library functions with both usual and extreme input values. The experiments are used to derive and verify one protection hypothesis per function (for instance, function foo fails if argument 1 is a NULL pointer). In the hard- ening stage, a protection wrapper is generated from these hypothesis to reject unrobust input values of library func- tions. We evaluate our approach by hardening a library used by Apache (a web server).