Research Review 2020 Automated Code Repair (ACR) to Ensure Memory Safety

Abstract

The problem is software vulnerabilities constitute a major threat to DoD. Spatial memory violations are among the most common and most severe types of vulnerabilities. 15 percent of CVEs in the NIST NVD and 24 percent of critical-severity CVEs. iPhone iOS CVE-2019-7287 is exploited by Chinese government and also Android Stagefright (2015) and CloudBleed (2017). Huge volume of code is in use by DoD with unknown number of vulnerabilities. The solution is automatically repair source code to assure spatial memory safety and an abort program (or call error-handling routine) before a memory violation. The approach is to transform source code to an intermediate representation (IR), retaining mapping and to repair the program to use fat pointers to track bounds and to insert a bounds check before memory accesses. The approach is to map the repairs at the IR level back to source code.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2020
Accession Number
AD1145719

Entities

People

  • William Klieber

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Abstracts
  • Application Software
  • Compilers
  • Computer Programs
  • Copyrights
  • Debugging
  • Department Of Defense
  • Directives
  • Engineering
  • Governments
  • Guarantees
  • Lists (Data Structures)
  • Materials
  • Online Communications
  • Software Development
  • Standards
  • Universities
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Computer Programming and Software Development.
  • Emergency Management and Homeland Security.