We present a new technique and system, DIODE, for automatically generating inputs that trigger overflows at memory allocation sites. DIODE is designed to identify relevant sanity checks that inputs must satisfy to trigger overflows at target memory allocation sites, then generate inputs that satisfy these sanity checks to successfully trigger the overflow. DIODE works with off-the-shelf, production x86 binaries. Our results show that, for our benchmark set of applications, and for every target memory allocation site exercised by our seed inputs (which the applications process correctly with no overflows), either 1) DIODE is able to generate an input that triggers an overflow at that site or 2) there is no input that would trigger an overfl...
Abstract — We present and evaluate a new memory management technique for eliminating memory leaks i...
Heap layout manipulation is integral to exploiting heap-based memory corruption vulnerabilities. In t...
Integer overflow and underflow, signedness conversion, and other types of arithmetic errors in C/C++...
We present a new technique and system, DIODE, for automatically generating inputs that trigger overf...
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Com...
We present a new technique and system, DIODE, for automatically generating inputs that trigger ove...
We present Targeted Automatic Patching (TAP), an automatic buffer and integer overflow discovery and...
We present a system, SIFT, for generating input filters that nullify integer overflow errors associa...
We present a system, SIFT, for generating input filters that nullify integer overflow errors associa...
Integer overflow bugs in C and C++ programs are difficult to track down and may lead to fatal errors...
Abstract — Integer overflow errors in C programs are difficult to detect since the C language specific...
Abstract — This paper outlines the recent work by the author to develop UQBTng, a tool capable of au...
Buffer overflow vulnerabilities are caused by programming errors that allow an attacker to cause the...
Buffer overflows are the source of a vast majority of vulnerabilities in today’s software. Existing ...
This paper presents a general approach for designing array and tree integer multipliers with overflo...