Robustness and Security Hardening of COTS Software Libraries

Edinburgh, UK June 25-June 28

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/DSN.2007.84

37th Annual IEEE/IFIP International C ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Martin Su?kraut Articles by Christof Fetzer

	ASCII Text	x
	Martin Su?kraut, Christof Fetzer, "Robustness and Security Hardening of COTS Software Libraries," Dependable Systems and Networks, International Conference on, pp. 61-71, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07), 2007.

	BibTex	x
	@article{ 10.1109/DSN.2007.84, author = {Martin Su?kraut and Christof Fetzer}, title = {Robustness and Security Hardening of COTS Software Libraries}, journal ={Dependable Systems and Networks, International Conference on}, volume = {0}, year = {2007}, isbn = {0-7695-2855-4}, pages = {61-71}, doi = {http://doi.ieeecomputersociety.org/10.1109/DSN.2007.84}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Dependable Systems and Networks, International Conference on TI - Robustness and Security Hardening of COTS Software Libraries SN - 0-7695-2855-4 SP61 EP71 A1 - Martin Su?kraut, A1 - Christof Fetzer, PY - 2007 KW - null VL - 0 JA - Dependable Systems and Networks, International Conference on ER -

Martin Su?kraut, Technische Universitat Dresden, Germany

Christof Fetzer, Technische Universitat Dresden, Germany

COTS components, like software libraries, can be used to reduce the development effort. Unfortunately, many COTS components have been developed without a focus on robust- ness and security. We propose a novel approach to harden software libraries to improve their robustness and security. Our approach is automated, general and extensible and consists of the following stages. First, we use a static anal- ysis to prepare and guide the following fault injection. In the dynamic analysis stage, fault injection experiments exe- cute the library functions with both usual and extreme input values. The experiments are used to derive and verify one protection hypothesis per function (for instance, function foo fails if argument 1 is a NULL pointer). In the hard- ening stage, a protection wrapper is generated from these hypothesis to reject unrobust input values of library func- tions. We evaluate our approach by hardening a library used by Apache (a web server).

Citation:

Martin Su?kraut, Christof Fetzer, "Robustness and Security Hardening of COTS Software Libraries," dsn, pp.61-71, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.