Cyclone: A safe dialect of C

Proceedings of the 2002 USENIX Annual Technical Conference

Volumn , Issue , 2002, Pages

  Jim, Trevor ^a   Morrisett, Greg ^b   Grossman, Dan ^b   Hicks, Michael ^b   Cheney, James ^b   Wang, Yanling ^b  

^a AT AND T LABS RESEARCH   (United States)

^b Department of Obstetrics Gynecology   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

SEMANTICS; STORMS;

BUFFER OVERFLOWS; C PROGRAMS; DATA REPRESENTATIONS; FORMAT STRING; MEMORY MANAGEMENT; SAFE DIALECTS; SAFETY VIOLATIONS;

C (PROGRAMMING LANGUAGE);

EID: 85084164164     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (34)

1. Todd M. Austin, Scott E. Breach, and Gurindar S. Sohi. Efficient detection of all pointer and array access errors. In ACM Conference on Programming Language Design and Implementation, pages 290–301, June 1994.
2. Thomas Ball, Rupak Majumdar, Todd Millstein, and Sriram K. Rajamani. Automatic predicate abstraction of C programs. In Proceedings of the ACM Conference on Programming Language Design and Implementation, pages 203–213, June 2001.
3. Thomas Ball and Sriram K. Rajamani. Automatically validating temporal safety properties of interfaces. In SPIN 2001, Workshop on Model Checking of Software, volume 2057 of Lecture Notes in Computer Science, pages 103–122. Springer-Verlag, May 2001.
4. Arash Baratloo, Navjot Singh, and Timothy Tsai. Transparent run-time defense against stack-smashing attacks. In USENIX Annual 2000 Technical Conference, San Diego, California, June 2000.
5. William R. Bush, Jonathan D. Pincus, and David J. Sielaff. A static analyzer for finding dynamic programming errors. Software, Practice, and Experience, 30(7):775–802, 2000.
6. CERT. Denial-of-service attack via ping. Advisory CA–1996–26, December 18, 1996. http://www.cert.org/advisories/CA-1996-26.html.
7. CERT. Double free bug in zlib compression library. Advisory CA–2002–07, March 12, 2002. http://www.cert.org/advisories/CA-2002-07.html.
8. Crispin Cowan, Matt Barringer, Steve Beattie, and Greg Kroah-Hartman. Formatguard: Automatic protection from printf format string vulnerabilities. In 10th USENIX Security Symposium, Washington, D.C., August 2001.
9. Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang. Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In 7th USENIX Security Symposium, San Antonio, Texas, January 1998.
10. Cyclone. http://www.cs.cornell.edu/projects/cyclone/.
11. John DeVale and Philip Koopman. Performance evaluation of exception handling in I/O libraries. In The International Conference on Dependable Systems and Networks, June 2001.
12. Roman Drahtmueller. Re: SuSE Linux 6.x 7.0 Ident buffer overflow. Bugtraq mailing list, November 29, 2000. http://www.securityfocus.com/archive/1/147592.
13. Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the Fourth USENIX Symposium on Operating Systems Design and Implementation, October 2000.
14. Dawson Engler, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf. Bugs as deviant behavior: A general approach to inferring errors in systems code. In Proceedings of Eighteenth ACM Symposium on Operating Systems Principles, October 2001.
15. Chris Evans. “gdm” remote hole. Bugtraq mailing list, May 22, 2000. http://www.securityfocus.com/archive/1/61099.
16. Chris Evans. Very interesting traceroute flaw. Bugtraq mailing list, September 28, 2000. http://www.securityfocus.com/archive/1/136215.
17. David Evans. Static detection of dynamic memory errors. In SIGPLAN Conference on Programming Language Design and Implementation, May 1996.
18. Justin E. Forrester and Barton P. Miller. An empirical study of the robustness of Windows NT applications using random testing. In 4th USENIX Windows Systems Symposium, August 2000.
19. Mike Frantzen and Mike Shuey. Stackghost: Hardware facilitated stack protection. In 10th USENIX Security Symposium, Washington, D.C., August 2001.
20. Dan Grossman and Greg Morrisett. Scalable certification for typed assembly language. In 3rd International Workshop on Types in Compilation, volume 2071 of Lecture Notes in Computer Science, pages 117–145, Montreal, Canada, September 2000. Springer-Verlag.
21. Dan Grossman, Greg Morrisett, Trevor Jim, Michael Hicks, Yanling Wang, and James Cheney. Region-based memory management in Cyclone. In Proceedings of the ACM Conference on Programming Language Design and Implementation. ACM, June 2002.
22. Raj Jain. The Art of Computer Systems Performance Analysis. Wiley, 1991.
23. Philip Koopman and John DeVale. The exception handling effectiveness of POSIX operating systems. IEEE Transactions on Software Engineering, 26(9), September 2000.
24. David Larochelle and David Evans. Statically detecting likely buffer overflow vulnerabilities. In 10th USENIX Security Symposium, Washington, D.C., August 2001.
25. Elias Levy. Re: rpc.ttdbserverd on solaris 7. Bugtraq mailing list, November 19, 1999. http://www.securityfocus.com/archive/1/35480.
26. Greg McGary. Bounds checking projects. http://www.gnu.org/software/gcc/projects/bp/main.html.
27. MediaNet. http://www.cs.cornell.edu/people/mhicks/medianet.htm.
28. Barton P. Miller, Lars Fredriksen, and Bryan So. An empirical study of the reliability of Unix utilities. Communications of the ACM, 33(12):32–44, December 1990.
29. Robin Milner, Mads Tofte, and Robert Harper. The Definition of Standard ML. MIT Press, 1990.
30. Greg Morrisett, Karl Crary, Neal Glew, Dan Grossman, Richard Samuels, Frederick Smith, David Walker, Stephanie Weirich, and Steve Zdancewic. TALx86: A realistic typed assembly language. In Second ACM SIGPLAN Workshop on Compiler Support for System Software, pages 25–35, Atlanta, GA, 1999. Published as INRIA Technical Report 0288, March, 1999.
31. George C. Necula, Scott McPeak, and Westley Weimer. CCured: Type-safe retrofitting of legacy code. In Twenty-Ninth ACM Symposium on Principles of Programming Languages, Portland, OR, January 2002. To appear.
32. Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner. Detecting format string vulnerabilities with type qualifiers. In 10th USENIX Security Symposium, Washington, D.C., August 2001.
33. Stephan Somogyi and Bruce Schneier. Inside risks: The perils of port 80. Communications of the ACM, 44(10), October 2001.
34. “tf8”. Wu-Ftpd remote format string stack overwrite vulnerability. Bugtraq vulnerability 1387, June 22, 2000. http://www.securityfocus.com/bid/1387.