“Effectiveness on C Flaws Checking and Removal (fast abstract)”
in In Proceedings of the 52nd IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'22), Jun. 2022.
Abstract: The use of software daily has become inevitable nowadays. Almost all everyday tools and most different areas (e.g., medicine or telecommunications) are dependent on software. The C programming language is one of the most used languages for software development, such as operating systems, drivers, embedded systems, and industrial products. Even with the appearance of new languages, it remains one of the most used. At the same time, C lacks verification mechanisms, like array boundaries, leaving the entire responsibility to the developer for the correct management of memory and resources. These weaknesses are at the root of buffer overflows (BO) vulnerabilities, which range the first place in the CWE’s top 25 of the most dangerous weaknesses. This work introduces an approach for automatically detecting and correcting flaws in C programs. The goal is to provide a pipeline of small modules and tools to discover BOs statically, confirm their presence by fuzzing and remove the vulnerabilities by repairing the code and testing the corrections’ effectiveness.
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)