Advertisement

Manipulating Program Functionality to Eliminate Security Vulnerabilities

  • Martin RinardEmail author
Chapter
Part of the Advances in Information Security book series (ADIS, volume 54)

Abstract

Security vulnerabilities can be seen as excess undesirable functionality present in a software system. We present several mechanisms that can either excise or change system functionality in ways that may 1) eliminate security vulnerabilities while 2) enabling the system to continue to deliver acceptable service.

Keywords

Comfort Zone Security Vulnerability Memory Leak Attack Surface Constraint Enforcement 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Michael Carbin and Martin C. Rinard. Automatically identifying critical input regions and code in applications. In Paolo Tonella and Alessandro Orso, editors, ISSTA, pages 37–48. ACM, 2010.Google Scholar
  2. 2.
    Brian Demsky, Michael D. Ernst, Philip J. Guo, Stephen McCamant, Jeff H. Perkins, and Martin C. Rinard. Inference and enforcement of data structure consistency specifications. In Lori L. Pollock and Mauro Pezz`e, editors, ISSTA, pages 233–244. ACM, 2006.Google Scholar
  3. 3.
    Brian Demsky and Martin C. Rinard. Automatic detection and repair of errors in data structures. In Ron Crocker and Guy L. Steele Jr., editors, OOPSLA, pages 78–95. ACM, 2003.Google Scholar
  4. 4.
    Brian Demsky and Martin C. Rinard. Static specification analysis for termination of specification-based data structure repair. In ISSRE, pages 71–84. IEEE Computer Society, 2003.Google Scholar
  5. 5.
    Brian Demsky and Martin C. Rinard. Data structure repair using goal-directed reasoning. In Gruia-Catalin Roman, William G. Griswold, and Bashar Nuseibeh, editors, ICSE, pages 176–185. ACM, 2005.Google Scholar
  6. 6.
    Brian Demsky and Martin C. Rinard. Goal-directed reasoning for specification-based data structure repair. IEEE Trans. Software Eng., 32(12):931–951, 2006.Google Scholar
  7. 7.
    Richard P. Gabriel, David F. Bacon, Cristina Videira Lopes, and Guy L. Steele Jr., editors. Proceedings of the 22nd Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2007, October 21–25, 2007, Montreal, Quebec, Canada. ACM, 2007.Google Scholar
  8. 8.
    Vijay Ganesh, Tim Leek, and Martin C. Rinard. Taint-based directed whitebox fuzzing. In ICSE, pages 474–484. IEEE, 2009.Google Scholar
  9. 9.
    Henry Hoffman, Sasa Misailovic, Stelios Sidiroglou, Anant Agarwal, and Martin Rinard. Using Code Perforation to Improve Performance, Reduce Energy Consumption, and Respond to Failures. Technical Report TR-2009-042, Computer Science and Artificial Intelligence Laboratory, MIT, September 2009.Google Scholar
  10. 10.
    Henry Hoffmann, Stelios Sidiroglou, Michael Carbin, Sasa Misailovic, Anant Agarwal, and Martin Rinard. Power-Aware Computing with Dynamic Knobs. Technical Report TR-2010- 027, Computer Science and Artificial Intelligence Laboratory, MIT, May 2010.Google Scholar
  11. 11.
    Sasa Misailovic, Stelios Sidiroglou, Henry Hoffmann, and Martin C. Rinard. Quality of service profiling. In Jeff Kramer, Judith Bishop, Premkumar T. Devanbu, and Sebasti´an Uchitel, editors, ICSE (1), pages 25–34. ACM, 2010.Google Scholar
  12. 12.
    Huu Hai Nguyen and Martin C. Rinard. Detecting and eliminating memory leaks using cyclic memory allocation. In Greg Morrisett and Mooly Sagiv, editors, ISMM, pages 15–30. ACM, 2007.Google Scholar
  13. 13.
    Jeff H. Perkins, Sunghun Kim, Samuel Larsen, Saman P. Amarasinghe, Jonathan Bachrach, Michael Carbin, Carlos Pacheco, Frank Sherwood, Stelios Sidiroglou, Greg Sullivan, Weng- FaiWong, Yoav Zibin, Michael D. Ernst, and Martin C. Rinard. Automatically patching errors in deployed software. In Jeanna Neefe Matthews and Thomas E. Anderson, editors, SOSP, pages 87–102. ACM, 2009.Google Scholar
  14. 14.
    Martin C. Rinard. Acceptability-oriented computing. In Ron Crocker and Guy L. Steele Jr., editors, OOPSLA Companion, pages 221–239. ACM, 2003.Google Scholar
  15. 15.
    Martin C. Rinard. Probabilistic accuracy bounds for fault-tolerant computations that discard tasks. In Gregory K. Egan and Yoichi Muraoka, editors, ICS, pages 324–334. ACM, 2006.Google Scholar
  16. 16.
    Martin C. Rinard. Living in the comfort zone. In Gabriel et al. [7], pages 611–622.Google Scholar
  17. 17.
    Martin C. Rinard. Using early phase termination to eliminate load imbalances at barrier synchronization points. In Gabriel et al. [7], pages 369–386.Google Scholar
  18. 18.
    Martin C. Rinard, Cristian Cadar, Daniel Dumitran, Daniel M. Roy, Tudor Leu, andWilliam S. Beebee. Enhancing server availability and security through failure-oblivious computing. In OSDI, pages 303–316, 2004.Google Scholar
  19. 19.
    Martin C. Rinard, Cristian Cadar, and Huu Hai Nguyen. Exploring the acceptability envelope. In Ralph E. Johnson and Richard P. Gabriel, editors, OOPSLA Companion, pages 21–30. ACM, 2005.Google Scholar
  20. 20.
    Martin C. Rinard and Monica S. Lam. The design, implementation, and evaluation of jade. ACM Trans. Program. Lang. Syst., 20(3):483–545, 1998.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  1. 1.EECS DepartmentMIT CSAIL, Massachusetts Institute of TechnologyCambridgeUSA

Personalised recommendations