As-If Infinitely Ranged Integer Model, Second Edition
Format: | Report |
---|---|
Language: | eng |
Summary: | Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. This report presents the as-if infinitely ranged (AIR) integer model that provides a largely automated mechanism for eliminating integer overflow and truncation and other integral exceptional conditions. The AIR integer model either produces a value equivalent to that obtained using infinitely ranged integers or results in a runtime-constraint violation. Instrumented fuzz testing of libraries that have been compiled using a prototype AIR integer compiler has been effective in discovering vulnerabilities in software with low false positive and false negative rates. Furthermore, the runtime overhead of the AIR integer model is low enough for typical applications to enable it in deployed systems for additional runtime protection. The original document contains color images. |