[llvm-commits] [www-pubs] r118781 - in /www-pubs/trunk: 2010-09-ESORICS-FixOverflows.html 2010-09-ESORICS-FixOverflows.pdf pubs.js

Chris Lattner sabre at nondot.org
Wed Nov 10 23:49:29 PST 2010 

Author: lattner
Date: Thu Nov 11 01:49:29 2010
New Revision: 118781

URL: http://llvm.org/viewvc/llvm-project?rev=118781&view=rev
Log:
add another paper

Added:
    www-pubs/trunk/2010-09-ESORICS-FixOverflows.html
    www-pubs/trunk/2010-09-ESORICS-FixOverflows.pdf
Modified:
    www-pubs/trunk/pubs.js

Added: www-pubs/trunk/2010-09-ESORICS-FixOverflows.html
URL: http://llvm.org/viewvc/llvm-project/www-pubs/trunk/2010-09-ESORICS-FixOverflows.html?rev=118781&view=auto
==============================================================================
--- www-pubs/trunk/2010-09-ESORICS-FixOverflows.html (added)
+++ www-pubs/trunk/2010-09-ESORICS-FixOverflows.html Thu Nov 11 01:49:29 2010
@@ -0,0 +1,49 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+  <link rel="stylesheet" href="../llvm.css" type="text/css" media="screen">
+  <title>IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time</title>
+</head>
+<body>
+
+<div class="pub_title">
+  IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time
+</div>
+<div class="pub_author">
+  Chao Zhang, Tielei Wang, Tao Wei, Yu Chen, and Wei Zou
+</div>
+
+<h2>Abstract:</h2>
+<blockquote>
+<p>
+The Integer-Overflow-to-Buffer-Overflow (IO2BO) vulnerability is an underestimated threat. Automatically identifying and fixing this kind of vulnerability are critical for software security. In this paper, we present the design and implementation of IntPatch, a compiler extension for automatically fixing IO2BO vulnerabilities in C/C++ programs at compile time. IntPatch utilizes classic type theory and dataflow analysis framework to identify potential IO2BO vulnerabilities, and then instruments programs with runtime checks. Moreover, IntPatch provides an interface for programmers to facilitate checking integer overflows. We evaluate IntPatch on a number of real-world applications. It has caught all 46 previously known IO2BO vulnerabilities in our test suite and found 21 new bugs. Applications patched by IntPatch have a negligible runtime performance loss which is averaging about 1%.
+</p>
+</blockquote>
+
+<h2>Published:</h2>
+<blockquote>
+  "IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time"<br>
+   Chao Zhang, Tielei Wang, Tao Wei, Yu Chen, and Wei Zou<br>
+<i>Proc. of the 15th European Symposium on Research in Computer Security (ESORICS 2010),</i>
+Athen, Greece, Sep. 2010
+</blockquote>
+
+<h2>Download:</h2>
+<h3>Paper:</h3>
+<ul>
+  <li><a href="2010-09-ESORICS-FixOverflows.pdf">
+  IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time
+  </a> (PDF)</li>
+</ul>
+
+
+<!-- *********************************************************************** -->
+<hr>
+  <a href="http://jigsaw.w3.org/css-validator/check/referer"><img
+  src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!"></a>
+  <a href="http://validator.w3.org/check/referer"><img
+  src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01!" /></a>
+
+</body>
+</html>

Added: www-pubs/trunk/2010-09-ESORICS-FixOverflows.pdf
URL: http://llvm.org/viewvc/llvm-project/www-pubs/trunk/2010-09-ESORICS-FixOverflows.pdf?rev=118781&view=auto
==============================================================================
Binary files www-pubs/trunk/2010-09-ESORICS-FixOverflows.pdf (added) and www-pubs/trunk/2010-09-ESORICS-FixOverflows.pdf Thu Nov 11 01:49:29 2010 differ

Modified: www-pubs/trunk/pubs.js
URL: http://llvm.org/viewvc/llvm-project/www-pubs/trunk/pubs.js?rev=118781&r1=118780&r2=118781&view=diff
==============================================================================
--- www-pubs/trunk/pubs.js (original)
+++ www-pubs/trunk/pubs.js Thu Nov 11 01:49:29 2010
@@ -8,6 +8,15 @@
    author: "David A. Terei and Manuel M. T. Chakravarty",
    month: 9,
    year: 2010},
+  {
+            url: "2010-09-ESORICS-FixOverflows.html",
+            title: "IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time",
+            published: "Proc. of the 15th European Symposium on Research in Computer Security (ESORICS 2010)",
+            location: "Athen, Greece",
+            author: "Chao Zhang, Tielei Wang, Tao Wei, Yu Chen, and Wei Zou",
+            month: 9,
+            year: 2010
+  },            
   {url: "2010-08-SBLP-SSI.html",
    title: "Efficient SSI Conversion",
    published: "Brazilian Symposium on Programming Languages 2010",

More information about the llvm-commits mailing list