Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
NDSS
2007
IEEE
2007
IEEE
RICH: Automatically Protecting Against Integer-Based Vulnerabilities
We present the design and implementation of RICH (Run-time Integer CHecking), a tool for efficiently detecting integer-based attacks against C programs at run time. C integer bugs, a popular avenue of attack and frequent programming error [1–15], occur when a variable value goes out of the range of the machine word used to materialize it, e.g. when assigning a large 32-bit int to a 16-bit short. We show that safe and unsafe integer operations in C can be captured by well-known sub-typing theory. The RICH compiler extension compiles C programs to object code that monitors its own execution to detect integer-based attacks. We implemented RICH as an extension to the GCC compiler and tested it on several network servers and UNIX utilities. Despite the ubiquity of integer operations, the performance overhead of RICH is very low, averaging about 5%. RICH found two new integer bugs and caught all but one of the previously known bugs we tested. These results show that RICH is a useful and ...
Real-time Traffic| Added | 04 Jun 2010 |
| Updated | 04 Jun 2010 |
| Type | Conference |
| Year | 2007 |
| Where | NDSS |
| Authors | David Brumley, Dawn Xiaodong Song, Tzi-cker Chiueh, Rob Johnson, Huijia Lin |
Comments (0)
Researcher Info
|
