Results 1 - 10 of 414

Memory overflow protection for embedded systems using runtime checks, reuse and compression

by Surupa Biswas, Matthew Simpson, Rajeev Barua - In Proceedings of the International Conference on Compilers, Architecture & Synthesis for Embedded Systems (CASES’04). ACM
"... Out-of-memory errors are a serious source of unreliability in most embedded systems. Applications run out of main memory because of the frequent difficulty of estimating the memory requirement before deployment, either because it depends on input data, or be-cause certain language features prevent e ..."
Abstract - Cited by 14 (2 self) - Add to MetaCart
Out-of-memory errors are a serious source of unreliability in most embedded systems. Applications run out of main memory because of the frequent difficulty of estimating the memory requirement before deployment, either because it depends on input data, or be-cause certain language features prevent

Memory Overflow Protection for Embedded Systems using Run-time Checks, Reuse and Compression

by Surupa Biswas Surupa - In Proc. of the Conf. on Compilers, Architecture, and Synthesis for Embedded Systems (CASES , 2004
"... Out-of-memory errors are a serious source of unreliability in most embedded systems. Applications run out of main memory because of the frequent difficulty of estimating the memory requirement before deployment, either because it depends on input data, or because certain language features prevent es ..."
Abstract - Add to MetaCart
Out-of-memory errors are a serious source of unreliability in most embedded systems. Applications run out of main memory because of the frequent difficulty of estimating the memory requirement before deployment, either because it depends on input data, or because certain language features prevent

Cyclone: A safe dialect of C

by Trevor Jim, Greg Morrisett , Dan Grossman , Michael Hicks , James Cheney, Yanling Wang
"... Cyclone is a safe dialect of C. It has been designed from the ground up to prevent the buffer overflows, format string attacks, and memory management errors that are common in C programs, while retaining C's syntax and semantics. This paper examines safety violations enabled by C's design ..."
Abstract - Cited by 401 (24 self) - Add to MetaCart
Cyclone is a safe dialect of C. It has been designed from the ground up to prevent the buffer overflows, format string attacks, and memory management errors that are common in C programs, while retaining C's syntax and semantics. This paper examines safety violations enabled by C

A Practical Dynamic Buffer Overflow Detector

by Olatunji Ruwase, Monica S. Lam - In Proceedings of the 11th Annual Network and Distributed System Security Symposium , 2004
"... Despite previous efforts in auditing software manually and automatically, buffer overruns are still being discovered in programs in use. A dynamic bounds checker detects buffer overruns in erroneous software before it occurs and thereby prevents attacks from corrupting the integrity of the system. D ..."
Abstract - Cited by 187 (1 self) - Add to MetaCart
of these deficiencies. CRED finds all buffer overrun attacks as it directly checks for the bounds of memory accesses. Unlike the original referent-object based bounds-checking technique, CRED does not break existing code because it uses a novel solution to support program manipulation of out-of-bounds addresses

On the effectiveness of address-space randomization

by Hovav Shacham, Matthew Page, Ben Pfaff, Eu-jin Goh, Nagendra Modadugu, Dan Boneh - IN CCS ’04: PROCEEDINGS OF THE 11TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY , 2004
"... Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system components. This mechanism is available for both Linux (via PaX ASLR) and OpenBSD. We study the effec ..."
Abstract - Cited by 250 (6 self) - Add to MetaCart
Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system components. This mechanism is available for both Linux (via PaX ASLR) and OpenBSD. We study

Building Diverse Computer Systems

by Stephanie Forrest, Anil Somayaji , David H. Ackley
"... Diversity is an important source of robustness in biological systems. Computers, by contrast, are notable for their lack of diversity. Although homogeneous systems have many advantages, the beneficial effects of diversity in computing systems have been overlooked, specifically in the area of compute ..."
Abstract - Cited by 246 (19 self) - Add to MetaCart
. Randomization of the amount of memory allocated on a stack frame is shown to disrupt a simple buffer overflow attack.

Eliminating Stack Overflow by Abstract Interpretation

by John Regehr, Alastair Reid, Kirk Webb - ACM Trans. Embed. Comput. Syst
"... Abstract. An important correctness criterion for software running on embedded microcontrollers is stack safety: a guarantee that the call stack does not overflow. We address two aspects of the problem of creating stack-safe embedded software that also makes efficient use of memory: statically boundi ..."
Abstract - Cited by 61 (10 self) - Add to MetaCart
Abstract. An important correctness criterion for software running on embedded microcontrollers is stack safety: a guarantee that the call stack does not overflow. We address two aspects of the problem of creating stack-safe embedded software that also makes efficient use of memory: statically

DieHard: probabilistic memory safety for unsafe languages

by Emery D. Berger, Benjamin G. Zorn - in PLDI ’06 , 2006
"... Applications written in unsafe languages like C and C++ are vulnerable to memory errors such as buffer overflows, dangling pointers, and reads of uninitialized data. Such errors can lead to program crashes, security vulnerabilities, and unpredictable behavior. We present DieHard, a runtime system th ..."
Abstract - Cited by 188 (20 self) - Add to MetaCart
Applications written in unsafe languages like C and C++ are vulnerable to memory errors such as buffer overflows, dangling pointers, and reads of uninitialized data. Such errors can lead to program crashes, security vulnerabilities, and unpredictable behavior. We present DieHard, a runtime system

Testing for buffer overflows with length abstraction

by Ru-gang Xu, Patrice Godefroid, Rupak Majumdar - In International Symposium on Software Testing and Analysis , 2008
"... We present Splat, a tool for automatically generating inputs that lead to memory safety violations in C programs. Splat performs directed random testing of the code, guided by symbolic execution. However, instead of representing the entire contents of an input buffer symbolically, Splat tracks only ..."
Abstract - Cited by 33 (8 self) - Add to MetaCart
We present Splat, a tool for automatically generating inputs that lead to memory safety violations in C programs. Splat performs directed random testing of the code, guided by symbolic execution. However, instead of representing the entire contents of an input buffer symbolically, Splat tracks only

Classical Stack Overflow

by Tobias Pflug, Stack Basics, Stack Basics, Heap Overflows, Stack Basics, Heap Overflows , 2005
"... On execution of a program (PE/ELF/..) the data and the instructions are stored in memory. Memory is organized in the following sections: 1 Text – Contains instructions. 2 Data – Contains initialized variables. 3 BSS – Contains uninitialized variables. 4 Heap – Contains dynamic,uninitialized data ( → ..."
Abstract - Add to MetaCart
On execution of a program (PE/ELF/..) the data and the instructions are stored in memory. Memory is organized in the following sections: 1 Text – Contains instructions. 2 Data – Contains initialized variables. 3 BSS – Contains uninitialized variables. 4 Heap – Contains dynamic,uninitialized data
Results 1 - 10 of 414