From: Robert Seacord (rcs cert.org)
Date: Mon Jul 20 2009 - 08:05:18 CDT
The Secure Coding Initiative at CERT has published a new Technical Note CMU/SEI-2009-TN-023 entitled "As-if Infinitely Ranged Integer Model".
Abstract:
Integer overflow and wraparound are major causes of software vulnerabilities in the C and C++ programming languages. In this paper we present the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow and integer truncation. The AIR integer model either produces a value equivalent to one that would have been obtained using infinitely ranged integers or results in a runtime constraint violation. Unlike previous integer models, AIR integers do not require precise traps, and consequently do not break or inhibit most existing optimizations.
Authors:
David Keaton (self)
Thomas Plum (Plum Hall Inc.)
Robert C. Seacord (SEI/CERT)
David Svoboda (SEI/CERT)
Alex Volkovitsky (SEI/CERT)
Timothy Wilson (SEI/CERT)
A PDF Download of this paper is available at: http://www.sei.cmu.edu/publications/documents/09.reports/09tn023.html
I would be interested in hearing your opinions on this work, either publicly or privately.
We are planning on continuing this project, as described by the report.
Thanks,
rCs
----
Robert C. Seacord
Secure Coding Team Lead
CERT / Software Engineering Institute
Work: +1 412.268.7608
FAX: +1 412.268.6989
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
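
An added illustration, not code from this post or from the CERT Technical Note: the behaviour the abstract describes (either the value infinitely ranged integers would give, or a runtime constraint violation) applied to an allocation-size calculation and to a narrowing conversion. It assumes GCC or Clang and uses their `__builtin_*_overflow` builtins as a stand-in for the AIR mechanism; the function names and the counting "handler" are hypothetical.

```c
/* Added illustration; uses GCC/Clang overflow builtins, not the paper's mechanism. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a runtime-constraint handler: it only counts. */
static unsigned violations;
unsigned air_violations(void) { return violations; }

/* Plain C: size_t arithmetic silently wraps modulo SIZE_MAX + 1. */
size_t wrapping_alloc_size(size_t count, size_t elem, size_t header)
{
    return count * elem + header;
}

/* Checked form: the exact mathematical result, or a reported violation. */
bool checked_alloc_size(size_t count, size_t elem, size_t header, size_t *out)
{
    size_t prod, total;
    if (__builtin_mul_overflow(count, elem, &prod) ||
        __builtin_add_overflow(prod, header, &total)) {
        violations++;
        return false;
    }
    *out = total;
    return true;
}

/* Truncation: narrowing long long to int must preserve the value. */
bool checked_narrow(long long v, int *out)
{
    if (v < INT_MIN || v > INT_MAX) {
        violations++;
        return false;
    }
    *out = (int)v;
    return true;
}

int main(void)
{
    size_t n = SIZE_MAX / 2 + 1, sz = 0;   /* constructed input: n * 2 wraps to 0 */
    int narrow = 0;
    printf("wrapping: %zu\n", wrapping_alloc_size(n, 2, 16));
    printf("checked ok: %d\n", checked_alloc_size(n, 2, 16, &sz));
    printf("narrow ok: %d\n", checked_narrow((long long)INT_MAX + 1, &narrow));
    printf("violations: %u\n", air_violations());
    return 0;
}
```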