Robustness and Security Hardening of COTS Software Libraries
Research output: Contribution to conferences › Paper › Contributed › peer-review
Contributors
Abstract
COTS components, like software libraries, can be used to
reduce the development effort. Unfortunately, many COTS
components have been developed without a focus on robust-
ness and security. We propose a novel approach to harden
software libraries to improve their robustness and security.
Our approach is automated, general and extensible and
consists of the following stages. First, we use a static anal-
ysis to prepare and guide the following fault injection. In
the dynamic analysis stage, fault injection experiments exe-
cute the library functions with both usual and extreme input
values. The experiments are used to derive and verify one
protection hypothesis per function (for instance, function
foo fails if argument 1 is a NULL pointer). In the hard-
ening stage, a protection wrapper is generated from these
hypothesis to reject unrobust input values of library func-
tions. We evaluate our approach by hardening a library
used by Apache (a web server).
reduce the development effort. Unfortunately, many COTS
components have been developed without a focus on robust-
ness and security. We propose a novel approach to harden
software libraries to improve their robustness and security.
Our approach is automated, general and extensible and
consists of the following stages. First, we use a static anal-
ysis to prepare and guide the following fault injection. In
the dynamic analysis stage, fault injection experiments exe-
cute the library functions with both usual and extreme input
values. The experiments are used to derive and verify one
protection hypothesis per function (for instance, function
foo fails if argument 1 is a NULL pointer). In the hard-
ening stage, a protection wrapper is generated from these
hypothesis to reject unrobust input values of library func-
tions. We evaluate our approach by hardening a library
used by Apache (a web server).
Details
| Original language | English |
|---|---|
| Pages | 61-71 |
| Number of pages | 11 |
| Publication status | Published - 2007 |
| Peer-reviewed | Yes |
Conference
| Title | 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks 2007 |
|---|---|
| Abbreviated title | DSN'07 |
| Conference number | 37 |
| Duration | 25 - 28 June 2007 |
| Degree of recognition | International event |
| City | Edinburgh |
| Country | United Kingdom |
Keywords
Research priority areas of TU Dresden
DFG Classification of Subject Areas according to Review Boards
Keywords
- Robustness, Security, Software libraries, Protection, Runtime, Performance analysis, Computer crashes, Programming profession, Automatic testing, Software systems, security of data, ststem monitoring, security hardening, COTS software libraries, dynamic analysis, fault injection, protection wrapper, Apache