David Keaton
Software Engineering Institute
Publications by David Keaton
-
Secure Coding Analysis of an AADL Code Generator's Runtime System
September 12, 2015 • White Paper
David Keaton
This paper describes a secure coding analysis of the PolyORB-HI-C runtime system used by C language code output from the Ocarina AADL code generator.
read -
Empirical Evaluation of API Usability and Security
May 20, 2015 • Presentation
Samuel M. WeberBrad MyersForrest Shull
In this presentation, the authors describe their work to develop and test API design principles.
read -
TWC: Small: Empirical Evaluation of the Usability and Security Implications of Application Programming Interface Design
May 20, 2015 • Poster
Brad MyersSamuel M. WeberRobert C. Seacord
In this poster, the authors analyze the usability of application programming interface design.
read -
Performance of Compiler-Assisted Memory Safety Checking
July 31, 2014 • Technical Note
David KeatonRobert C. Seacord
This technical note describes the criteria for deploying a compiler-based memory safety checking tool and the performance that can be achieved with two such tools whose source code is freely available.
read -
As-If Infinitely Ranged Integer Model
November 01, 2010 • Presentation
Roger Dannenberg (School of Computer Science, Carnegie Mellon University)Thomas Plum (Plum Hall, Inc.)Will Dormann
This ISSRE 2010 paper describes the AIR Integer model for eliminating vulnerabilities resulting from integer overflow, truncation, and unanticipated wrapping.
read -
As-If Infinitely Ranged Integer Model, Second Edition
April 01, 2010 • Technical Note
Roger Dannenberg (School of Computer Science, Carnegie Mellon University)Will DormannDavid Keaton
In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.
read -
Instrumented Fuzz Testing Using AIR Integers (Whitepaper)
February 01, 2010 • White Paper
Roger Dannenberg (School of Computer Science, Carnegie Mellon University)Will DormannDavid Keaton
In this paper, the authors present the as-if infinitely ranged (AIR) integer model, which provides a mechanism for eliminating integral exceptional conditions.
read -
As-if Infinitely Ranged Integer Model
July 01, 2009 • Technical Note
David KeatonThomas Plum (Plum Hall, Inc.)Robert C. Seacord
In this report, the authors present the as-if infinitely ranged (AIR) integer model, which eliminates integer overflow and integer truncation in C and C++ code.
read -
Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools
June 01, 2008 • Technical Report
Stephen DewhurstChad DoughertyYurie Ito
In this report, the authors describe a study to evaluate CERT Secure Coding Standards and source code analysis tools in commercial software projects.
read