Per-input control-flow integrity

B Niu, G Tan - Proceedings of the 22nd ACM SIGSAC Conference on …, 2015 - dl.acm.org
Control-Flow Integrity (CFI) is an effective approach to mitigating control-flow hijacking
attacks. Conventional CFI techniques statically extract a control-flow graph (CFG) from a …

Where does it go? refining indirect-call targets with multi-layer type analysis

K Lu, H Hu - Proceedings of the 2019 ACM SIGSAC Conference on …, 2019 - dl.acm.org
System software commonly uses indirect calls to realize dynamic program behaviors.
However, indirect-calls also bring challenges to constructing a precise control-flow graph …

Bugram: bug detection with n-gram language models

S Wang, D Chollak, D Movshovitz-Attias… - Proceedings of the 31st …, 2016 - dl.acm.org
To improve software reliability, many rule-based techniques have been proposed to infer
programming rules and detect violations of these rules as bugs. These rule-based …

Detecting Missing-Check bugs via semantic- and Context-Aware criticalness and constraints inferences

K Lu, A Pakki, Q Wu - … USENIX Security Symposium (USENIX Security 19 …, 2019 - usenix.org
Missing a security check is a class of semantic bugs in software programs where erroneous
execution states are not validated. Missing-check bugs are particularly common in OS …

Cogent: Verifying high-assurance file system implementations

S Amani, A Hixon, Z Chen, C Rizkallah… - ACM SIGARCH …, 2016 - dl.acm.org
We present an approach to writing and formally verifying high-assurance file-system code in
a restricted language called Cogent, supported by a certifying compiler that produces C …

Path-based function embedding and its application to error-handling specification mining

D DeFreez, AV Thakur, C Rubio-González - … of the 2018 26th ACM Joint …, 2018 - dl.acm.org
Identifying relationships among program elements is useful for program understanding,
debugging, and analysis. One such kind of relationship is synonymy. Function synonyms are …

Automatically diagnosing and repairing error handling bugs in C

Y Tian, B Ray - Proceedings of the 2017 11th joint meeting on …, 2017 - dl.acm.org
Correct error handling is essential for building reliable and secure systems. Unfortunately,
low-level languages like C often do not support any error handling primitives and leave it up …

Effective static analysis of concurrency Use-After-Free bugs in Linux device drivers

JJ Bai, J Lawall, QL Chen, SM Hu - 2019 USENIX Annual Technical …, 2019 - usenix.org
In Linux device drivers, use-after-free (UAF) bugs can cause system crashes and serious
security problems. According to our study of Linux kernel commits, 42% of the driver commits …

On the feasibility of stealthily introducing vulnerabilities in open-source software via hypocrite commits

Q Wu, K Lu - Proc. Oakland, 2021 - coding-guidelines.com
Open source software (OSS) has thrived since the forming of Open Source Initiative in 1998.
A prominent example is the Linux kernel, which has been used by numerous major software …

Static detection of unsafe DMA accesses in device drivers

JJ Bai, T Li, K Lu, SM Hu - 30th USENIX Security Symposium (USENIX …, 2021 - usenix.org
Direct Memory Access (DMA) is a popular mechanism for improving hardware I/O
performance, and it has been widely used by many existing device drivers. However, DMA …