Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

David Keaton
September 2015 - White Paper Secure Coding Analysis of an AADL Code Generator's Runtime System

Topics: Cybersecurity Engineering

Authors: David Keaton

This paper describes a secure coding analysis of the PolyORB-HI-C runtime system used by C language code output from the Ocarina AADL code generator.

July 2014 - Technical Note Performance of Compiler-Assisted Memory Safety Checking

Topics: Secure Coding

Authors: David Keaton, Robert C. Seacord

This technical note describes the criteria for deploying a compiler-based memory safety checking tool and the performance that can be achieved with two such tools whose source code is freely available.

November 2010 - Presentation As-If Infinitely Ranged Integer Model

Topics: Secure Coding

Authors: Roger Dannenberg (School of Computer Science, Carnegie Mellon University), Thomas Plum (Plum Hall, Inc.), Will Dormann, David Keaton, Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson

This ISSRE 2010 paper describes the AIR Integer model for eliminating vulnerabilities resulting from integer overflow, truncation, and unanticipated wrapping.

April 2010 - Technical Note As-If Infinitely Ranged Integer Model, Second Edition

Topics: Secure Coding

Authors: Roger Dannenberg (School of Computer Science, Carnegie Mellon University), Will Dormann, David Keaton, Thomas Plum (Plum Hall, Inc.), Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson

In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.

February 2010 - White Paper Instrumented Fuzz Testing Using AIR Integers (Whitepaper)

Topics: Secure Coding

Authors: Roger Dannenberg (School of Computer Science, Carnegie Mellon University), Will Dormann, David Keaton, Robert C. Seacord, Timothy Wilson, Thomas Plum (Plum Hall, Inc.)

In this paper, the authors present the as-if infinitely ranged (AIR) integer model, which provides a mechanism for eliminating integral exceptional conditions.

July 2009 - Technical Note As-if Infinitely Ranged Integer Model

Topics: Secure Coding

Authors: David Keaton, Thomas Plum (Plum Hall, Inc.), Robert C. Seacord, David Svoboda, Alex Volkovitsky, Timothy Wilson

In this report, the authors present the as-if infinitely ranged (AIR) integer model, which eliminates integer overflow and integer truncation in C and C++ code.

June 2008 - Technical Report Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools

Topics: Secure Coding

Authors: Stephen Dewhurst, Chad Dougherty, Yurie Ito, David Keaton, Dan Saks, Robert C. Seacord, David Svoboda, Chris Taschner, Kazuya Togashi (JPCERT/CC)

In this report, the authors describe a study to evaluate CERT Secure Coding Standards and source code analysis tools in commercial software projects.