Achieving Trusted Systems by Providing Security and Reliability ( Research Project #22 ). Project Members: Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman. Objective and Approach. Objective
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman
WU-FTP Server Format String Attack
NULL-HTTP Server Heap Corruption Attack
fmt: format string pointer Reliability
ap: argument pointer
fmt: format string pointer
ap: argument pointerInternals of Format String Attack
printf(buf); /* should be printf(“%s”,buf) */
\xdd \xcc \xbb \xaa %d %d %d %n
if (fmt points to “%n”)
then **ap = (character count)
*ap is a tainted value.
Automatically translated to formal semantic representation
C source code of a library function
formal semantic representation
For each pointer dereference in an assignment, generate a theorem stating that the pointer is not tainted
A set of sufficient conditions that imply the validity of the theorems.
They are the security specifications of the analyzed function.