Title: On Modular-Reduction Vulnerabilities

Andy King


Abstract

Securing systems that interact with potentially malicious parties can be a 
tremendous challenge. Systems written in C are especially difficult to secure, 
given C's tendency to sacrifice safety for efficiency. Given that buffer 
overflows are a particularly widespread type of vulnerability, much research has 
focused on these types of flaw. Recently, a number of subtle buffer overflow 
vulnerabilities have come to light due to the modular nature of integer 
arithmetic. This talk will show how analysis techniques, motivated by techniques 
in constrained-based test-data generation, have potential for diagnosing these 
integer overflow vulnerabilities.