Specifications for Managed Strings, Second Edition

Abstract

This report describes a managed string library for the C programming language. Many software vulnerabilities in C programs result from the misuse of manipulation functions for standard C strings. Programming errors common to string-manipulation logic include buffer overflow, truncation errors, string termination errors, and improper data sanitization. The managed string library provides mechanisms to eliminate or mitigate these problems and improve system security. The CERT® Program, which is part of the Carnegie Mellon® Software Engineering Institute, provides a proof-of-concept implementation of the managed string library on its Secure Coding web pages.

Document Details

Document Type
Technical Report
Publication Date
May 01, 2010
Accession Number
ADA528573

Entities

People

  • David Svoboda
  • Fred Long
  • Hal Burch
  • Raunak Rungta
  • Robert Seacord

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Abstracts
  • C Programming Language
  • Computer Programming
  • Conversion
  • Copyrights
  • Department Of Defense
  • Engineering
  • Governments
  • Guarantees
  • Language
  • Programming Languages
  • Security
  • Software Development
  • Specifications
  • Standards
  • Truncation
  • Vulnerability

Fields of Study

  • Computer science
  • Engineering

Readers

  • Computer Programming and Software Development.
  • Cybersecurity.
  • Software Engineering.