Susan Horwitz, University of Wisconsin-Madison
Writing correct, secure software is very difficult. Languages like C that have weak type systems exacerbate the problem by making it easy for programmers to introduce errors and potential security holes in their code.
The goal of this project is the design, implementation, and evaluation of dynamic error-detection and security-enforcement tools for C programs. Existing dynamic error-detection tools are limited by poor coverage: they can only detect erroneous behaviors that actually occur during a given program execution. That limitation will be addressed by the use of innovative new dynamic techniques for increasing both "data coverage" (finding errors that could occur given different input values) and "path coverage" (finding errors that could occur if a different path were followed through the program). The security-enforcement tool will provide protection against a wide range of attacks, with low overhead, without requiring modifications to existing source code, and without requiring the programmer to give up control over data representations or memory management.
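To make the coverage limitation concrete, the following C program is an added illustration; it is not code from this project and does not implement the project's techniques. A small table is read through an instrumented accessor (`checked_read`) that reports an out-of-bounds index only when that index is actually used in the run. The program has two paths, one of which adds an offset to the index, so the same input list can look clean on one path and erroneous on the other (the path-coverage gap), and a short input list can miss the bad index entirely (the data-coverage gap). The final function, `interval_check`, is a hypothetical stand-in for a data-coverage style check: it reasons about the whole range of index values the program could receive rather than one concrete value, so it can flag the possible error without that input being supplied. All names, the table size and the sample inputs are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed fixed-size table; reads outside [0, TABLE_LEN) are the bug class
 * a dynamic bounds checker is meant to catch. */
#define TABLE_LEN 8
static int table[TABLE_LEN] = {0, 1, 2, 3, 4, 5, 6, 7};

/* Result of one instrumented read. */
typedef struct {
    int in_bounds;   /* 1 = access was in bounds, 0 = error detected */
    int value;       /* table value when in bounds, 0 otherwise */
} access_result;

/* The "instrumented" read: a conventional dynamic check. It only fires for
 * the concrete index used in this execution; any other index is invisible. */
static access_result checked_read(int idx)
{
    access_result r = {0, 0};
    if (idx < 0 || idx >= TABLE_LEN) {
        fprintf(stderr, "runtime error: index %d outside [0,%d)\n", idx, TABLE_LEN);
        return r;
    }
    r.in_bounds = 1;
    r.value = table[idx];
    return r;
}

/* Program under test with two paths. The read that can overflow sits on the
 * path taken only when use_offset is nonzero (idx + 4 overflows for idx >= 4). */
static int program(int idx, int use_offset, int *errors)
{
    access_result r;
    if (use_offset) {
        r = checked_read(idx + 4);   /* path B: unsafe for idx >= 4 */
    } else {
        r = checked_read(idx);       /* path A: safe for 0 <= idx < 8 */
    }
    if (!r.in_bounds) (*errors)++;
    return r.value;
}

/* Constructed sample inputs: a narrow list that never triggers the bug on
 * either path, and a wider one that does, but only on path B. */
static const int sample_small[] = {1, 2, 3};
static const int sample_wide[]  = {1, 2, 3, 5};
#define SAMPLE_SMALL_LEN (sizeof sample_small / sizeof sample_small[0])
#define SAMPLE_WIDE_LEN  (sizeof sample_wide  / sizeof sample_wide[0])

/* Counts the errors an execution-based checker observes over concrete inputs.
 * Inputs and paths not exercised here contribute nothing. */
static int run_concrete(const int *idxs, size_t n, int use_offset)
{
    int errors = 0;
    for (size_t i = 0; i < n; i++) program(idxs[i], use_offset, &errors);
    return errors;
}

/* Hypothetical data-coverage style check (an assumption for this example, not
 * the project's technique): track the interval [lo, hi] of index values the
 * program could receive on the chosen path and report whether any value in it
 * would violate the bound. Returns 1 if an error is possible, 0 otherwise. */
static int interval_check(int lo, int hi, int use_offset)
{
    int shift = use_offset ? 4 : 0;
    int lo_eff = lo + shift, hi_eff = hi + shift;
    return (lo_eff >= 0 && hi_eff < TABLE_LEN) ? 0 : 1;
}

int main(void)
{
    printf("path A, small inputs: %d errors seen\n", run_concrete(sample_small, SAMPLE_SMALL_LEN, 0));
    printf("path B, small inputs: %d errors seen\n", run_concrete(sample_small, SAMPLE_SMALL_LEN, 1));
    printf("path B, wide inputs:  %d errors seen\n", run_concrete(sample_wide, SAMPLE_WIDE_LEN, 1));
    printf("path B, inputs 0..7:  error possible = %d\n", interval_check(0, 7, 1));
    return 0;
}
```

Running the concrete checker over `sample_small` reports nothing on either path, and `sample_wide` exposes the bug only when path B is exercised; `interval_check(0, 7, 1)` flags the same bug from the input range alone, which is the kind of gap a data-coverage technique is meant to close.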