GGrantIndex
← Search

Dynamic techniques for finding errors and preventing security violations

$270,000FY2003CSENSF

University Of Wisconsin-Madison, Madison WI

Investigators

Abstract

0305387 Susan Horwitz University of Wisconsin-Madison Writing correct, secure software is very difficult. Languages like C that have weak type systems exacerbate the problem by making it easy for programmers to introduce errors and potential security holes in their code. The goal of this project is the design, implementation, and evaluation of dynamic error-detection and security-enforcement tools for C programs. Existing dynamic error-detection tools are limited by poor coverage: they can only detect erroneous behaviors that actually occur during a given program execution. That limitation will be addressed by the use of innovative new dynamic techniques for increasing both "data coverage" (finding errors that could occur given different input values) and "path" coverage (finding errors that could occur if a different path were followed through the program). The security-enforcement tool will provide protection against a wide range of attacks, with low overhead, without requiring modifications to existing source code, and without requiring the programmer to give up control over data representations or memory management.

View original record on NSF Award Search →