As-If Infinitely Ranged Integer Model, Second Edition
CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST
Pagination or Media Count:
Integers represent a growing and underestimated source of vulnerabilities in C and C programs. This report presents the as-if infinitely ranged AIR integer model that provides a largely auto-mated mechanism for eliminating integer overflow and truncation and other integral exceptional conditions. The AIR integer model either produces a value equivalent to that obtained using infinitely ranged integers or results in a runtime-constraint violation. Instrumented fuzz testing of libraries that have been compiled using a prototype AIR integer compiler has been effective in discovering vulnerabilities in software with low false positive and false negative rates. Further-more, the runtime overhead of the AIR integer model is low enough for typical applications to enable it in deployed systems for additional runtime protection.
- Numerical Mathematics
- Computer Programming and Software
- Computer Systems
- Computer Systems Management and Standards