English
Related papers

Related papers: CheckedCBox: Type Directed Program Partitioning wi…

200 papers

Owing to the continued use of C (and C++), spatial safety violations (e.g., buffer overflows) still constitute one of today's most dangerous and prevalent security vulnerabilities. To combat these violations, Checked C extends C with…

Programming Languages · Computer Science 2022-03-28 Aravind Machiry , John Kastner , Matt McCutchen , Aaron Eline , Kyle Headley , Michael Hicks

We present a formal model of Checked C, a dialect of C that aims to enforce spatial memory safety. Our model pays particular attention to the semantics of dynamically sized, potentially null-terminated arrays. We formalize this model in…

Programming Languages · Computer Science 2022-02-01 Liyi Li , Yiyun Liu , Deena L. Postol , Leonidas Lampropoulos , David Van Horn , Michael Hicks

We present an integration of a safe C dialect, Checked C, for the Internet of Things operating system RIOT. We utilize this integration to convert parts of the RIOT network stack to Checked C, thereby achieving spatial memory safety in…

Programming Languages · Computer Science 2025-02-26 Sören Tempel , Nora Bruns

Temporal memory safety bugs, especially use-after-free and double free bugs, pose a major security threat to C programs. Real-world exploits utilizing these bugs enable attackers to read and write arbitrary memory locations, causing…

Cryptography and Security · Computer Science 2023-03-21 Jie Zhou , John Criswell , Michael Hicks

Computer-based systems have solved several domain problems, including industrial, military, education, and wearable. Nevertheless, such arrangements need high-quality software to guarantee security and safety as both are mandatory for…

Low-level programming languages with weak/static type systems, such as C and C++, are vulnerable to errors relating to the misuse of memory at runtime, such as (sub-)object bounds overflows, (re)use-after-free, and type confusion. Such…

Programming Languages · Computer Science 2018-04-20 Gregory J. Duck , Roland H. C. Yap

In the last three decades, memory safety issues in system programming languages such as C or C++ have been one of the significant sources of security vulnerabilities. However, there exist only a few attempts with limited success to cope…

Software Engineering · Computer Science 2021-07-05 Felipe R. Monteiro , Mikhail R. Gadelha , Lucas C. Cordeiro

Software transactional memory implementations which allow transactions to work on inconsistent states of shared data, risk to cause application visible errors such as memory access violations or endless loops. Hence, many implementations…

Distributed, Parallel, and Cluster Computing · Computer Science 2014-09-23 Holger Machens

Ensuring the correct functionality of systems software, given its safety-critical and low-level nature, is a primary focus in formal verification research and applications. Despite advances in verification tooling, conventional programmers…

Programming Languages · Computer Science 2025-04-04 Yiyuan Cao , Jiayi Zhuang , Houjin Chen , Jinkai Fan , Wenbo Xu , Zhiyi Wang , Di Wang , Qinxiang Cao , Yingfei Xiong , Haiyan Zhao , Zhenjiang Hu

Undefined behavior in C often causes devastating security vulnerabilities. One practical mitigation is compartmentalization, which allows developers to structure large programs into mutually distrustful compartments with clearly specified…

The most important security benefit of software memory safety is easy to state: for C and C++ software, attackers can exploit most bugs and vulnerabilities to gain full, unfettered control of software behavior, whereas this is not true for…

Cryptography and Security · Computer Science 2025-03-28 Úlfar Erlingsson

We describe and evaluate a novel white-box fuzzer for C programs named FuSeBMC, which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. FuSeBMC explores and…

Cryptography and Security · Computer Science 2020-12-22 Kaled M. Alshmrany , Rafael S. Menezes , Mikhail R. Gadelha , Lucas C. Cordeiro

Cloud service providers are often trusted to be genuine, the damage caused by being discovered to be attacking their own customers outweighs any benefits such attacks could reap. On the other hand, it is expected that some cloud service…

Cryptography and Security · Computer Science 2017-06-07 Ivan Gazeau , Tom Chothia , Dominic Duggan

Memory safety violations in low-level code, written in languages like C, continues to remain one of the major sources of software vulnerabilities. One method of removing such violations by construction is to port C code to a safe C dialect.…

Software Engineering · Computer Science 2024-04-02 Nausheen Mohammed , Akash Lal , Aseem Rastogi , Subhajit Roy , Rahul Sharma

We consider the problem of checkpointing a distributed application efficiently in Content Centric Networks so that it can withstand transient failures. We present CCNCheck, a system which enables a sender optimized way of checkpointing…

Distributed, Parallel, and Cluster Computing · Computer Science 2015-06-02 Nitinder Mohan , Pushpendra Singh

Security-sensitive applications that execute untrusted code often check the code's integrity by comparing its syntax to a known good value or sandbox the code to contain its effects. System M is a new program logic for reasoning about such…

Cryptography and Security · Computer Science 2015-01-26 Limin Jia , Shayak Sen , Deepak Garg , Anupam Datta

In recent projects on operating-system verification, C and C++ data types are often formalized using a semantics that does not fully specify the precise byte encoding of objects. It is well-known that such an underspecified data-type…

Logic in Computer Science · Computer Science 2012-11-28 Hendrik Tews , Marcus Völp , Tjark Weber

In shared-memory concurrent programming, shared resources can be protected using synchronization mechanisms such as monitors or channels. The connection between these mechanisms and the resources they protect is, however, only given…

Distributed, Parallel, and Cluster Computing · Computer Science 2014-07-07 Mischael Schill , Sebastian Nanz , Bertrand Meyer

Recent compilers allow a general-purpose program (written in a conventional programming language) that handles private data to be translated into secure distributed implementation of the corresponding functionality. The resulting program is…

Cryptography and Security · Computer Science 2017-07-04 Yihua Zhang , Marina Blanton , Ghada Almashaqbeh

According to experts, one third of all IT vulnerabilities today are due to inadequate software verification. Internal program processes are not sufficiently secured against manipulation by attackers, especially if access has been gained.…

Cryptography and Security · Computer Science 2022-11-22 Erik Heiland , Peter Hillmann
‹ Prev 1 2 3 10 Next ›