As-if infinitely ranged integer model

Proceedings - International Symposium on Software Reliability Engineering, ISSRE

Volumn , Issue , 2010, Pages 91-100

  Dannenberg, Roger B ^a   Dormann, Will ^b   Keaton, David ^b   Seacord, Robert C ^b   Svoboda, David ^b   Volkovitsky, Alex ^b   Wilson, Timothy ^b   Plum, Thomas ^c  

^a Carnegie Mellon University ^*  (United States)

^b CARNEGIE MELLON UNIVERSITY   (United States)

^c Plum Hall Inc   (United States)

Author keywords

Empirical study; Programming languages; Software security

Indexed keywords

CONSTRAINT VIOLATION; DEPLOYED SYSTEMS; EMPIRICAL STUDIES; FALSE NEGATIVE RATE; FALSE POSITIVE; FUZZ TESTING; INTEGER OVERFLOW; PROGRAMMING LANGUAGE; RUNTIME OVERHEADS; RUNTIMES; SOFTWARE SECURITY; SOURCE CODES; TYPICAL APPLICATION;

COMPUTER PROGRAMMING; COMPUTER SOFTWARE SELECTION AND EVALUATION; PROGRAM COMPILERS; QUALITY ASSURANCE; SECURITY OF DATA;

SOFTWARE RELIABILITY;

EID: 79952022137     PISSN: 10719458     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISSRE.2010.29     Document Type: Conference Paper

References (14)

1. Heffley, J. and Meunier, P. 2004. "Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security?" Proc. 37th Annual Hawaii international Conference on System Sciences (HICSS'04) - Track 9 - Volume 9 (January 05 - 08, 2004). HICSS. IEEE Computer Society, Washington, DC, 90277.
2. Seacord, R. C. Secure Coding in C and C++ (SEI Series in Software Engineering). Addison-Wesley Professional, 2005.
3. Christy, Steve and Martin, Robert A. Vulnerability Type Distributions in CVE. Document Version: 1.1. May 22, 2007. http://cve.mitre.org/docs/vuln-trends/ vuln-trends.pdf
4. Solar Designer. JPEG COM Marker Processing Vulnerability in Netscape Browsers. OpenWall Project, July 2000. http://www.openwall.com/advisories/OW- 002-netscape-jpeg.txt
5. Seacord, R. The CERT C Secure Coding Standard. 1st. Addison-Wesley Professional, 2008.
6. Lions, J. L. ARIANE 5 Flight 501 Failure Report. Paris, France: European Space Agency (ESA) & National Center for Space Study (CNES) Inquiry Board, July 1996.
7. Michael D. Adams. JasPer Software Reference Manual (Version 1.900.0). December 2006. http://www.ece.uvic.ca/~mdadams/jasper/jasper.pdf
8. Brumley, David; Chiueh, Tzi-cker; Johnson, Robert; Lin, Huijia; and Song, Dawn. "RICH: Automatically Protecting Against Integer-Based Vulnerabilities." Proc. NDSS, San Diego, CA, Feb. 2007. Reston, VA: ISOC, 2007. http://www.cs.berkeley.edu/~dawnsong/papers/efficient-detection-integer- based-attacks.pdf
9. Jones, Larry. WG14 N1401 Committee Draft ISO/IEC 9899:201x. International Standards Organization, November 24, 2009.
10. Hedquist, Barry. ISO/JTC1/SC22/WG14 AND INCITS PL22.11 MARCH/APRIL MEETING. MINUTES). Washington, D.C.: International Committee for Information Technology Standards, 2009. http://www.open-std.org/jtc1/sc22/wg14/www/docs/ n1421.pdf
11. International Standards Organization. ISO/IEC TR 24731. Extensions to the C Library, - Part I: Bounds-checking interfaces. Geneva, Switzerland: International Standards Organization, April 2006.
12. Plum, Thomas and Keaton, David M. "Eliminating Buffer Overflows, Using the Compiler or a Standalone Tool." Proc. Workshop on Software Security Assurance Tools, Techniques, and Metrics, Long Beach, CA, November 7-8, 2005. Washington, D.C.: U.S. National Institute of Standards and Technology (NIST), 2005. http://samate.nist.gov/docs/NIST-Special-Publication-500-265.pdf
13. International Standards Organization. Programming Languages - C++, Final Committee Draft, ISO/IEC JTC1 SC22 WG21 N3092. International Standards Organization, March 2010.
14. Intel, Corp. The IA-32 Intel Architecture Software Developer's Manual. Denver, CO: Intel Corp., 2004.