
SBIR Phase I: Safe Secure C/C++

$99,822 | FY2007 | TIP | NSF

Crescent Bay Software Corporation, Culver City CA

Investigators

Abstract

This Small Business Innovation Research Phase I project will design and implement a method of detecting and preventing buffer overflows in C/C++ code, while maintaining execution efficiency. When a C/C++ program is compiled with the proposed approach, all buffer overflows are guaranteed to be intercepted. The main intellectual merit is not detecting all buffer overflows, but doing so in a way that does not destroy the efficiency of the program. The approach uses compilation techniques pioneered for speeding up code for high-performance computers to eliminate or minimize buffer overflow checks. The approach will use whole-program information as available, and a link-time phase for final optimizations and verifications. If successful, the end result will be a safe and secure program with minimal performance degradation compared to its unsafe, insecure counterpart. The broader impact of this proposed project could be significant. Buffer overflows in C and C++ programs are a major problem in two main cases: hackers deliberately attempting to disable or take control of a system, and programs running on critical embedded systems (such as those in sophisticated military equipment) that receive unexpected sensor input. Serious damage can be caused in either case.
