As-If Infinitely Ranged Integer Model, Second Edition

Abstract

Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. This report presents the as-if infinitely ranged (AIR) integer model that provides a largely automated mechanism for eliminating integer overflow and truncation and other integral exceptional conditions. The AIR integer model either produces a value equivalent to that obtained using infinitely ranged integers or results in a runtime-constraint violation. Instrumented fuzz testing of libraries that have been compiled using a prototype AIR integer compiler has been effective in discovering vulnerabilities in software with low false positive and false negative rates. Furthermore, the runtime overhead of the AIR integer model is low enough for typical applications to enable it in deployed systems for additional runtime protection.

Document Details

Document Type: Technical Report
Publication Date: Apr 01, 2010
Accession Number: ADA522532

Entities

People

  • Alex Volkovitsky
  • David Keaton
  • David Svoboda
  • Robert C. Seacord
  • Roger Dannenberg
  • Thomas Plum
  • Timothy Wilson
  • Will Dormann

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • C Programming Language
  • Coding
  • Compilers
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Decoding
  • Denial Of Service Attack
  • Department Of Defense
  • Engineering
  • Integrals
  • Language
  • Software Development
  • Standards
  • Vulnerability
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Mathematics or Statistics
  • Operations Research