Accession Number:

ADA522532

Title:

As-If Infinitely Ranged Integer Model, Second Edition

Descriptive Note:

Final rept.

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Report Date:

2010-04-01

Pagination or Media Count:

41.0

Abstract:

Integers represent a growing and underestimated source of vulnerabilities in C and C programs. This report presents the as-if infinitely ranged AIR integer model that provides a largely auto-mated mechanism for eliminating integer overflow and truncation and other integral exceptional conditions. The AIR integer model either produces a value equivalent to that obtained using infinitely ranged integers or results in a runtime-constraint violation. Instrumented fuzz testing of libraries that have been compiled using a prototype AIR integer compiler has been effective in discovering vulnerabilities in software with low false positive and false negative rates. Further-more, the runtime overhead of the AIR integer model is low enough for typical applications to enable it in deployed systems for additional runtime protection.

Subject Categories:

  • Numerical Mathematics
  • Computer Programming and Software
  • Computer Systems
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE