
26 - 28 February 2019 // Nuremberg, Germany

Session 18 - Software Engineering IV - Software Quality II

Stopping Buffer Overflows (presentation language: English)

Everybody is concerned with writing more secure software. However, buffer overflows and similar memory corruption problems are still abundant in many deployed software systems, open source and commercial, and are causing an embarrassing number of software security issues. A system is only as secure as its weakest link, and a buffer overflow may give an attacker a foothold into your system.

The problem with buffer overruns is that they are hard to detect during the testing phase. You need a tool like Valgrind or AddressSanitizer to detect the memory problems while your test cases execute. Often, however, the problem is not visible in your test cases at all: it only occurs when the system is exercised with odd inputs. This is where fuzz testing (fuzzing) comes in. Yet even with testing-time tools like fuzzing, Valgrind and AddressSanitizer, buffer overruns still end up in fielded programs, and the cost of an exploitable vulnerability runs into millions of dollars per event ($15.4 million according to Forbes).

In this presentation we will show how GrammaTech's Cyber Hardening Tools can be used to deflect buffer overflows during testing, and how this protection can be extended to deployed systems at moderate memory and run-time cost. These tools detect a number of memory violations, including buffer overruns and underruns, and deflect them while allowing the program to continue. They then document the violation with a partial program trace, which makes it easier for developers to fix the problem after the fact.

The presentation will start with an example buffer overrun and show how it can lead to security vulnerabilities. Next we will demonstrate how the problem can be found and diagnosed during testing as well as at run time. We will also include an overview of the additional run-time cost incurred.
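As an added worked example (not code from the talk abstract, from GrammaTech, or from its tools), here is the kind of buffer overrun the abstract refers to, placed next to a bounds-checked version. The buffer size, the struct layout with an adjacent `is_admin` field, and the input strings are assumptions constructed for illustration; the `-fsanitize=address` flag is the standard GCC/Clang AddressSanitizer switch.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* assumed buffer size for this example */

/* Deliberately vulnerable (the "before"): a fixed-size buffer filled with
 * strcpy(), which copies until it finds a NUL regardless of the destination
 * size. Any input of NAME_LEN bytes or more writes past the end of name[]. */
struct session_unsafe {
    char name[NAME_LEN];
    int  is_admin;   /* assumed adjacent field that an overrun can clobber */
};

void set_name_unsafe(struct session_unsafe *s, const char *input)
{
    strcpy(s->name, input);   /* no bounds check: classic buffer overrun */
}

/* Hardened version: the caller passes the destination size, the input
 * length is checked before anything is written, and oversized input is
 * rejected instead of silently truncated. Returns 0 on success, -1 if the
 * input (plus its terminating NUL) does not fit. */
int set_name_safe(char *dst, size_t dst_len, const char *input)
{
    size_t n = strlen(input);
    if (dst_len == 0 || n >= dst_len)   /* need n bytes plus the NUL */
        return -1;
    memcpy(dst, input, n + 1);          /* copies the terminating NUL too */
    return 0;
}

int main(void)
{
    /* Constructed inputs: one that fits, one that is too long. */
    const char *ok_input  = "alice";
    const char *bad_input = "this-name-is-far-too-long-for-the-buffer";
    char name[NAME_LEN];

    printf("safe, fits:     %d\n", set_name_safe(name, sizeof name, ok_input));
    printf("safe, too long: %d\n", set_name_safe(name, sizeof name, bad_input));

    /* The unsafe path is a real overrun: 41 bytes land in a 20-byte struct.
     * Build with
     *   cc -g -fsanitize=address example.c && ./a.out
     * and AddressSanitizer aborts with a stack-buffer-overflow report naming
     * set_name_unsafe and the faulting write. Without a sanitizer the same
     * run may silently set is_admin to a non-zero value, trip the stack
     * protector, or crash, depending on the compiler and platform, which is
     * exactly why such bugs survive ordinary test runs. */
    struct session_unsafe s = { .is_admin = 0 };
    set_name_unsafe(&s, bad_input);
    printf("unsafe: is_admin after overrun = %d\n", s.is_admin);
    return 0;
}
```

The safe variant rejects rather than truncates, so a caller is forced to handle the "too long" case explicitly; silent truncation with `strncpy` would avoid the memory corruption but can still leave a non-terminated or semantically wrong string behind.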

Date: 28.02.2019, Time: 4:00 PM - 4:30 PM, Location: Conference Counter NCC Ost

Speakers

Mark Hermeling

GrammaTech Inc.
