Enhancing security using legality assertions

Proceedings - Working Conference on Reverse Engineering, WCRE

Volumn 2005, Issue , 2005, Pages 35-44

  Wang, Lei ^a   Cordy, James R ^a   Dean, Thomas R ^a  

^a QUEEN S UNIVERSITY   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATION; C (PROGRAMMING LANGUAGE); CODES (STANDARDS); DIGITAL LIBRARIES; MATHEMATICAL TRANSFORMATIONS; SECURITY OF DATA;

ANNOTATE; BUFFER OVERFLOWS; HEAP MEMORY; STACK MEMORY;

LAWS AND LEGISLATION;

EID: 33846246751     PISSN: 10951350     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/WCRE.2005.36     Document Type: Conference Paper

References (30)

1. Schneider, F. B., S. M. Bellovin, M. Branstad, J. R. Catoe, S. D. Crocker, C. Kaufman, S. T. Kent, J. C. Knight, S. McGeady, R. R. Nelson, A. M. Schiffman, G. A. Spix, and D. Tygar, Trust in Cyberspace. National Academy Press, 1999, Committee on Information Systems Trustworthiness, National Research Council.
2. S. Bellovin, "Buffer Overflows and Remote Root Exploits", Personal Communications, October, 1999.
3. D. Wheeler. FlawFinder. http://www.dwheeler.com/flawfinder/.
4. SecureSoftware. RATS. http://www.securesoft.com/rats.php.
5. th Annual Computer Security Applications Conference, New Orleans, Louisiana, December, 2000, pp.257-268.
6. D. Larochelle, and D. Evans, "Statically Detecting Likely Buffer Overflow Vulnerabilities", In USENIX Security Symposium, Washington D. C., 2001.
7. D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken, "A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities", Network and Distributed System Security Symposium, February 2000.
8. S.C. Kendall, "Bcc: Run-time Checking for C programs", USENIX Toronto 1983 Summer Conference Proceedings, USENIX Association, El. Cerito, California, USA, 1983.
9. J. L. Steffen, "Adding Run-time Checking to the Portable C Compiler", Software - Practice and Experence, 22(4), 1992, pp.305-316.
10. R. W. M. Jones, and P. H. J.Kelly. "Backwards-compatible Bounds Checking for Arrays and Pointers in C Programs", Automated and Algorithmic Debugging, 1997, pp.13-26.
11. R. Hastings, and B. Joyce, "Purify: Fast Detection of Memory Leaks and Access Errors", Proceedings of the Winter USENIX Conference, 1992, pp.125-136.
12. th USENIX Security Conference, San Antonio, TX, January, 1998, pp.63-77.
13. D. B. Wortman, "On Legality Assertions in Euclid", IEEE Transactions on Software Engineering, Vol.4, July 1979, pp.359-367.
14. J.R. Cordy, "TXL - A Language for Programming Language Tools and Applications", Proc. LDTA 2004, ACM 4th International Workshop on Language Descriptions, Tools and Applications, Electronic Notes in Theorectical Computer Science 110, December 2004, pp. 3-31.
15. C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole, "Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade", Invited talk at System Administration and Network Security (SANS) 2000.
16. A. One, "Smashing Stack for Fun and Profit". www.insecure.org/stf/smashstack.txt.
17. J. Pincus, and B. Baker, "Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns", IEEE Security & Privacy, Vol. 2, No. 4, 2004, pp.20-27.
18. J.R. Cordy, K.A. Schneider, T.R. Dean, and A.J. Malton, "HSML: Design Directed Source Code Hot Spots", Proc. IWPC 2001 - IEEE 9th International Workshop on Program Comprehension, Toronto, May 2001, pp. 145-154.
19. J.R.Cordy, T. Dean, A. Malton, and K. Schneider, "Source Transformation in Software Engineering Using the TXL Transformation System", Special Issue on Source code Analysis and Manipulation. Journal of Information and Software Technology, 44(13), pp.827-837.
20. U.K. Government, Communications-Electronics Security Group, Network Defence Team, 2004
21. T.R. Dean, J.R. Cordy, A.J. Malton, and K.A. Schneider, "Agile Parsing in TXL", Journal of Automated Software Engineering 10, 4, October 2003, pp.311-336.
22. th Working Conference on Reverse Engineering, British Columbia, Canada, November, 2003, pp.323-332.
23. O. Tal, S. Knight, and T. R. Dean, "Syntax-based Vulnerability Testing of Frame-based Network Protocols", Proc. 2nd Annual Conference on Privacy, Security and Trust, Fredericton, Canada, October 2004, pp.155-160.
24. th Working Conference on Reverse Engineering, Delft, Netherlands, November, 2004, pp. 161-170.
25. th Working Conference on Reverse Engineering, Delft, Netherlands, November, 2004, pp.2.
26. th Working Conference on Reverse Engineering, Delft, Netherlands, November, 2004, pp.58-67.
27. th Working Conference on Reverse Engineering, Delft, Netherlands, November, 2004, pp.132-141.
28. http://lists.virus.org/dailydave-0311/msg00020.html.
29. D. Beyer, T. H. Henzinger, R. Jhala, and R. Majumdar, "Checking Memory Safety with Blast", Proc Fundamental Approaches to Software Engineering, LNCS 3442, Edinburgh, Scotland, April, 2005, pp. 2-18.
30. G. C. Necula, S. McPeak, and W. Weimer, "CCured: Type-safe Retrofitting of Legacy Code", Proc Principles of Program. Lang., Portland, January, 2002, pp. 49-61.