Publications

Refine Results

(Filters Applied) Clear All

Testing static analysis tools using exploitable buffer overflows from open source code

Published in:
Proc. 12th Int. Symp. on Foundations of Software Engineering, ACM SIGSOFT, 31 October - 6 November 2004, pp. 97-106.

Summary

Five modern static analysis tools (ARCHER, BOON, PolySpace C Verifier, Splint, and UNO) were evaluated using source code examples containing 14 exploitable buffer overflow vulnerabilities found in various versions of Sendmail, BIND, and WU-FTPD. Each code example included a "BAD" case with and a "OK" case without buffer overflows. Buffer overflows varied and included stack, heap, bss and data buffers; access above and below buffer bounds; access using pointers, indices, and functions; and scope differences between buffer creation and use. Detection rates for the "BAD" examples were low except for PolySpace and Splint which had average detection rates of 87% and 57%, respectively. However, average false alarm rates were high and roughly 50% for these two tools. On patched programs these two tools produce one warning for every 12 to 46 lines of source code and neither tool accurately distinguished between vulnerable and patched code.
READ LESS

Summary

Five modern static analysis tools (ARCHER, BOON, PolySpace C Verifier, Splint, and UNO) were evaluated using source code examples containing 14 exploitable buffer overflow vulnerabilities found in various versions of Sendmail, BIND, and WU-FTPD. Each code example included a "BAD" case with and a "OK" case without buffer overflows. Buffer...

READ MORE

Open system protocols for aviation data link applications

Published in:
19th AIAA/IEEE Digital Avionics Systems Conf., Vol. 2, 7-13 October 2000.

Summary

This paper will discuss the application of "open system" communications protocols in the design and implementation of data link applications for aviation. The term "open system" in this paper refers to a set of communications protocols whose design specification is readily open to the user community, usually via publication by an international standards body. Such open system standards tend to encourage widespread implementation and enhancement of the communications protocols defined in the open standards. Ready availability of well-tested implementations helps to keep the costs of open systems low. Interoperability of equipment is enhanced by the use of open systems, as is the ease of system extensibility. In some cases, system communications infrastructures to support the open system may already be in place (e.g. the Internet). Data link applications in aviation are increasing at an accelerating rate. Whether for air traffic control, airline operations, or improved pilot situational awareness, data link systems are required for many existing and future functions in aviation. Many aviation data link designs have been proposed and demonstrated over the years. A drawback to most of these designs is their ad hoc nature. It is difficult to combine the various aviation data links into a coherent overall system architecture. Since each aviation data link was specialized for a specific task or application, there is little commonality of design, nor is there much opportunity for software/hardware reuse in ground or avionics equipment. Each aviation data link has required its own separate system infrastructure - leading to considerable overlap, complexity, and expense. At the same time, the Internet community has seen explosive growth in both the number of Internet users and the types of Internet system applications. Much of this growth may be tied to the "open system" nature of the Internet communications protocols which allows for straightforward implementation of Internet applications. It is difficult to buy a computer today that doesn't have an Internet protocol stack in its system software. Extremely inexpensive Internet implementations are in everything from microwave ovens to laptops. The Internet's dramatic growth is an indicator of the power of "open system" architecture to encourage development of communications applications. This paper will show how the use of suitable open system communications protocols can help to bring increased efficiency and lower-cost equipment to aviation data link systems.
READ LESS

Summary

This paper will discuss the application of "open system" communications protocols in the design and implementation of data link applications for aviation. The term "open system" in this paper refers to a set of communications protocols whose design specification is readily open to the user community, usually via publication by...

READ MORE

Showing Results

1-2 of 2