RICH: Automatically Protecting Against Integer-Based Vulnerabilities

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2007

Volumn , Issue , 2007, Pages

  Brumley, David ^a   Chiueh, Tzi Cker ^a   Johnson, Robert ^a   Lin, Huijia ^a   Song, Dawn ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

C (PROGRAMMING LANGUAGE); INTEGER PROGRAMMING; NETWORK SECURITY; PROGRAM COMPILERS; PROGRAM DEBUGGING;

C PROGRAMS; DESIGN AND IMPLEMENTATIONS; INTEGER OPERATIONS; NETWORK SERVER; OBJECT CODE; PERFORMANCE; PROGRAMMING ERRORS; RUNTIMES; SOFTWARE TESTINGS; TESTING TOOLS;

SOFTWARE TESTING;

EID: 79952020076     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (48)

1. “Gocr ReadPGM NetPBM remote client-side integer overflow vulnerability,” CVE, April 2005. [Online]. Available: http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2005-1141
2. “Linux kernel (prior to 2.4.21) XDR routine interger signedness error,” CVE, Jul 2003. [Online]. Available: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0619
3. “JPEG COM marker processing vulnerability in netscape browsers,” Solar Designer, July 2000. [Online]. Available: http://www.openwall.com/advisories/OW-002-netscape-jpeg/
4. “SSH CRC-32 compensation attack detector vulnerability,” CVE, Feb 2001. [Online]. Available: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0144
5. “Linux kernel do brk() vulnerablility,” CVE, Dec 2003. [Online]. Available: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0961
6. “NetBSD repeated TIOSCTTY IOCTL buffer overflow vulnerability,” CVE, Sep 2002. [Online]. Available: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1490
7. “Samba function reply nttrans vulnerability,” SecuriTeam, Jul 2003. [Online]. Available: http://www.securiteam.com/exploits/5TP0M2AAKS.html
8. “Pine email header parsing vulnerability,” SecuriTeam, Sep 2003. [Online]. Available: http://www.securiteam.com/exploits/5DP0D1PB5Y.html
9. “GNU mailutils imap4d remote integer overflow vulnerability,” SecurityFocus, Sep 2004. [Online]. Available: http://www.securityfocus.com/bid/11198/
10. “Apache mod auth radius malformed RADIUS server reply vulnerability,” SecurityFocus, Jan 2005. [Online]. Available: http://www.securityfocus.com/bid/12217/
11. “Putty 0.53b SFTP client packet parsing integer overflow vulnerability,” SecurityFocus, Feb 2005. [Online]. Available: http://www.securityfocus.com/bid/12601/
12. “Samba directory access control list remote integer overflow vulnerability,” SecurityFocus, Dec 2004. [Online]. Available: http://www.securityfocus.com/bid/11973
13. “Mailutil-0.6 imap4d remote integer overflow vulnerability,” SecurityFocus, May 2005. [Online]. Available: http://www.securityfocus.com/bid/13763/
14. “libtiff STRIPOFFSETS integer overflow vulnerability,” iDEFENSE lab, Dec 2004. [Online]. Available: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=173
15. “libtiff directory entry count integer overflow vulnerability,” iDEFENSE lab, Dec 2004. [Online]. Available: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=174
16. ANSI, ISO/IEC 9899: Programming Langauges - C, 1999.
17. Ada95 Language Reference Manual, ISO/IEC, 1995.
18. B. Pierce, Ed., Advanced Topics in Types and Programming Languages. MIT Press, 2005.
19. B. C. Pierce, Types and Programming Languages. The MIT Press, 2002.
20. “CVE (version 20040901),” CVE. [Online]. Available: http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=integer
21. C. Cowan, C. Pu, D. Maier, and etc., “Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks,” in USENIX Security Symposium, 1998, p. 63C77.
22. J. Condit, M. Harren, S. McPeak, and etc., “Ccured in the real world,” in Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation, June 2003.
23. D. Brumley, D. Song, and J. Slember, “Towards automatically eliminating integer-based vulnerabilities,” Carnegie Mellon University, Tech. Rep. CMU-CS-06-136, Mar 2006.
24. G. Necula, S. McPeak, S. Rahul, and W. Weimer, “CIL: Intermediate language and tools for analysis and transformation of C,” in Proc. Conference on Compiler Construction, 2002.
25. G. Necula, S. McPeak, S. Rahul, and W. Weimer, “CIL version 1.3.3,” http://manju.cs.berkeley.edu/cil/, 2005.
26. D. Dyer, “The top 10 ways to get screwed by the”c” programming language,” http://www.andromeda.com/people/ddyer/topten.html, 2003.
27. O. Horovitz, “Big loop integer protection,” Phrack Inc., Dec 2002. [Online]. Available: http://www.phrack.org/phrack/60/p60-0x09.txt
28. D. LeBlanc, “Integer handling with the C++ SafeInt class,” Jan 2004. [Online]. Available: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure01142004.asp
29. M. Howard, “An overlooked construct and an integer overflow redux,” Sep 2003. [Online]. Available: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure09112003.asp
30. M. Howard et al., “Safe integer arithmetic in C,” Feb 2006. [Online]. Available: http://blogs.msdn.com/ michael howard/archive/2006/02/02/523392.aspx
31. P. H. I. Systems, “SPARK/ada,” http://www.praxis-his.com/sparkada/sparkprojects.asp.
32. J. Barnes, High Integrity Software: The SPARK Approach to Safety and Security. Addison Wesley, 2003.
33. G. C. Necula, S. McPeak, and W. Weimer, “CCured: type-safe retrofitting of legacy code,” in Proceedings of the Symposium on Principles of Programming Languages, 2002.
34. T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang, “Cyclone: A safe dialect of c,” in USENIX Annual Technical Conference, 2002.
35. E. Clarke, D. Kroening, and F. Lerda, “A tool for checking ANSI-C programs,” in Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2004), ser. Lecture Notes in Computer Science, K. Jensen and A. Podelski, Eds., vol. 2988. Springer, 2004, pp. 168–176.
36. Y. Xie and A. Aiken, “Saturn: A SAT-based tool for bug detection,” in Proceedings of the 17th Conference on Computer Aided Verification, 2005.
37. M. Musuvathi, D. Park, A. Chou, D. Engler, and D. Dill, “CMC: A prgramatic approach to model checking real code,” in Proceedings of the 5th symposium on operating systems design and implementation, 2002.
38. T. Ball, R. Majumdar, T. Millstein, and S. K. Rajamani, “Automatic predicate abstraction of C programs,” in Programming Language Design and Implementation (PLDI), 2001.
39. P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Mine, D. Monniaux, and X. Rival, “The ASTREE static analyzer,” http://www.astree.ens.fr/.
40. D. Engler, D. Chen, S. Hallem, A. Chou, and B. Chelf, “Bugs as deviant behavior: A general approach to inferring errors in systems code,” in Symposium on Operating System Principles, 2001.
41. th International Conference on Programming Language Design and Implementation (PLDI), 2002.
42. A. Aho, R. Sethi, and J. Ullman, Compilers: Principles, Techniques, and Tools. Addison-Wesley Publishing Company, 1986.
43. S. Muchnick, Advanced Compiler Design and Implementation. Academic Press, 1997.
44. th International Conference on Compiler Construction (CC), 2004.
45. nd workshop on Semantics, Program Analysis and Computing Environments for Memory Management, 2004.
46. T. Freeman and F. Pfenning, “Refinement types for ML,” 1991.
47. S. Bhatkar, R. Sekar, and D. DuVarney, “Efficient techniques for comprehensive protection from memory error exploits,” in Proceedings of the 14th USENIX Security Symposium, August 2005.
48. J. Yang, T. Kremenek, Y. Xie, and D. Engler, “MECA: an extensible, expressive system and language for statically checking security properties,” in Proceedings of the 10th ACM conference on Computer and communication security. ACM Press, 2003, pp. 321–334.