Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

David Keaton
September 2015 - White Paper Secure Coding Analysis of an AADL Code Generator's Runtime System

Topics: Cybersecurity Engineering

Authors: David Keaton

This paper describes a secure coding analysis of the PolyORB-HI-C runtime system used by C language code output from the Ocarina AADL code generator.

July 2014 - Technical Note Performance of Compiler-Assisted Memory Safety Checking

Topics: Secure Coding

This technical note describes the criteria for deploying a compiler-based memory safety checking tool and the performance that can be achieved with two such tools whose source code is freely available.

November 2010 - Presentation As-If Infinitely Ranged Integer Model

Topics: Secure Coding

This ISSRE 2010 paper describes the AIR Integer model for eliminating vulnerabilities resulting from integer overflow, truncation, and unanticipated wrapping.

April 2010 - Technical Note As-If Infinitely Ranged Integer Model, Second Edition

Topics: Secure Coding

In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.

February 2010 - White Paper Instrumented Fuzz Testing Using AIR Integers (Whitepaper)

Topics: Secure Coding

In this paper, the authors present the as-if infinitely ranged (AIR) integer model, which provides a mechanism for eliminating integral exceptional conditions.

July 2009 - Technical Note As-if Infinitely Ranged Integer Model

Topics: Secure Coding

In this report, the authors present the as-if infinitely ranged (AIR) integer model, which eliminates integer overflow and integer truncation in C and C++ code.

June 2008 - Technical Report Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools

Topics: Secure Coding

In this report, the authors describe a study to evaluate CERT Secure Coding Standards and source code analysis tools in commercial software projects.