Secure Coding mailing list archives
As-if Infinitely Ranged Integer Model
From: rcs at cert.org (Robert Seacord)
Date: Mon, 20 Jul 2009 09:04:34 -0400
The Secure Coding Initiative at CERT has published a new Technical Note CMU/SEI-2009-TN-023 entitled "As-if Infinitely Ranged Integer Model". Abstract: Integer overflow and wraparound are major causes of software vulnerabilities in the C and C++ programming languages. In this paper we present the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow and integer truncation. The AIR integer model either produces a value equivalent to one that would have been obtained using infinitely ranged integers or results in a runtime constraint violation. Unlike previous integer models, AIR integers do not require precise traps, and consequently do not break or inhibit most existing optimizations. Authors: David Keaton (self) Thomas Plum (Plum Hall Inc.) Robert C. Seacord (SEI/CERT) David Svoboda (SEI/CERT) Alex Volkovitsky (SEI/CERT) Timothy Wilson (SEI/CERT) A PDF Download of this paper is available at: http://www.sei.cmu.edu/publications/documents/09.reports/09tn023.html I would be interested in hearing your opinions on this work, either publically or privately. We are planning on continuing this project, as described by the report. Thanks, rCs ---- Robert C. Seacord Secure Coding Team Lead CERT / Software Engineering Institute Work: +1 412.268.7608 FAX: +1 412.268.6989
Current thread:
- Silver Bullet 40: Bob Blakley Gary McGraw (Jul 17)
- Silver Bullet 40: Bob Blakley Gunnar Peterson (Jul 17)
- As-if Infinitely Ranged Integer Model Robert Seacord (Jul 20)
- Silver Bullet 40: Bob Blakley Gunnar Peterson (Jul 17)