Using program transformation to secure C programs against buffer overflows

Proceedings - Working Conference on Reverse Engineering, WCRE

Volumn 2003-January, Issue , 2003, Pages 323-332

  Dahn, Christopher ^a   Mancoridis, Spiros ^a  

^a Drexel University   (United States)

Author keywords

Buffer overflow; Computer science; Computer security; Costs; Domain name system; Educational institutions; Linux; Memory management; Programming profession; Runtime

Indexed keywords

BUFFER AMPLIFIERS; BUFFER STORAGE; COMPUTER OPERATING SYSTEMS; COMPUTER PROGRAMMING; COMPUTER SCIENCE; COMPUTER SYSTEMS PROGRAMMING; COSTS; LINUX; REVERSE ENGINEERING; SECURITY OF DATA; SEMANTICS; SOFTWARE ENGINEERING;

BUFFER OVERFLOWS; DOMAIN NAME SYSTEM; EDUCATIONAL INSTITUTIONS; MEMORY MANAGEMENT; PROGRAMMING PROFESSION; RUNTIMES;

C (PROGRAMMING LANGUAGE);

EID: 84944558150     PISSN: 10951350     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/WCRE.2003.1287263     Document Type: Conference Paper

References (24)

1. Computer Security Institute, Computer Crime and Security Survey. 2002. http://www.gocsi.com/press/20020407.html.
2. Buffer overflow in DNS, http://icat.nist.gov/icat.cfm?cvename=CAN-2002-1219.
3. Percentage of bind installations for DNS, http://www.isi.edu/ bmanning/in-addr-versions.html.
4. B. Buck and J. K. Hollingsworth. An API for Runtime Code Patching. The International Journal of High Performance Computing Applications, 14(4):317-329, Winter 2000.
5. Cigital. ITS4 http://www.cigital.com/its4/.
6. J. R. Cordy, T. R. Dean, A. J. Malton, and K. A. Schneider. Software Engineering by Source Transformation - Experience With TXL. In Proceedings from SCAM'01 - IEEE 1st International Workshop on Source Code Analysis and Manipulation, pages 168-178, November 2001.
7. J. R. Cordy, T. R. Dean, A. J. Malton, and K. A. Schneider. Source Transformation in Software Engineering Using the TXL Transformation System. Journal of Information and Software Technology, 44(13):827-837, October 2002.
8. C. Cowan, C. Pu, D. Maier, H. Hinton, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Automatic Detection and Prevention of Buffer-Overflow Attacks. In Proceedings of the 7th USENIX Security Symposium, January 1998.
9. D. DaCosta, C. Dahn, S. Mancoridis, and V. Prevelakis. Characterizing the 'Security Vulnerability Likelihood' of Software Functions. In Proceedings from the IEEE International Conference on Software Maintenance, September 2003.
10. M. Frantzen and M. Shuey. Stackghost: Hardware Facilitated Stack Protection. In Proceedings of the 10th USENIX Security Symposium, August 2001.
11. Gemini, http://serg.cs.drexel.edu/gemini/.
12. R. W. M. Jones and P. H. J. Kelly. Backwards-Compatible Bounds Checking for Arrays and Pointers in C Programs. In Automated and Algorithmic Debugging, pages 13-26, 1997.
13. B. W. Kernighan and D. M. Ritchie. The C Programming Language. Prentice Hall, Inc., Upper Saddle River, New Jersey, 1988.
14. D. Larochelle and D. Evans. Statically Detecting Likely Buffer Overflow Vulnerabilites. In Proceedings of the 10th USENIX Security Symposium, August 2001.
15. J. Nazario. Source Code Scanners for Better Code. Linux Journal, January 2002. http://www.linuxjournal.com/article.php?sid=5673.
16. A. One. Smashing The Stack For Fun and Profit. Phrack Magazine, 7(49), November 1996.
17. SecureSoftware. RATS http://www.securesoft.com/rats.php.
18. S. Sidiroglou and A. D. Keromytis. A Network Worm Vaccine Architecture. In IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, June 2003.
19. Percentage of SMTP mail transfer daemons, http://www.bbv.com/SMTP/SMTP-2001-Stats.jpg.
20. J. Viega and G. McGraw. Building Secure Software. Addison Wesley, 2002.
21. E. Visser. A Survey of Rewriting Strategies in Program Transformation Systems. Electronic Notes in Theoretical Computer Science, 57, 2001.
22. E. Visser. Stratego: A Language for Program Transformation Based on Rewriting Strategies. Lecture Notes in Computer Science, 2051, May 2001.
23. Percentage of web server installations, http://news.netcraft.com/archives/web-server-survey.html.
24. D. Wheeler. Flawfinder http://www.dwheeleer.com/flawfinder/.