The C programming language does not prevent out-of-bounds memory accesses. There exist several techniques to secure C programs; however, these methods tend to slow down these programs substantially, because they populate the binary code with runtime checks. To deal with this problem, we have designed and tested two static analyses, symbolic region and range analysis, which we combine to remove the majority of these guards. In addition to the analyses themselves, we bring two other contributions. First, we describe live range splitting strategies that improve the efficiency and the precision of our analyses. Secondly, we show how to deal with integer overflows, a phenomenon that can compromise the correctness of static algorithms that validate memory accesses. We validate our claims by incorporating our findings into AddressSanitizer. We generate SPEC CINT 2006 code that is 17% faster and 9% more energy efficient than the code produced originally by this tool. Furthermore, our approach is 50% more effective than Pentagons, a state-of-the-art analysis to sanitize memory accesses.
Array overflow is a type of attack that costs software users millions of dollars every year. Canaries are one of the best-known ways of preventing this type of attack. Although very effective in practice, canaries are not the ideal solution. In some cases, they do not prevent the overwriting of so-called local variables. Such an omission can allow an adversary to take control of the program, provided there are scalars positioned after a vulnerable array. Detecting this kind of vulnerability is difficult, since it requires great familiarity with the code under analysis. The goal of this paper is to solve this problem automatically. This can be achieved through static code analyses implemented at the compiler level. Our technique requires no user intervention of any kind and is remarkably precise. These algorithms, implemented in the LLVM compiler, were tested on benchmarks that together gave us more than 1.4 million lines of C code. Our analysis is practical and efficient. For example, we detected 836 potential vulnerabilities in 17 programs from SPEC CPU 2006.
Software Security is key for the overall security of information systems. Day by day, more and more software exploitations happen, and thus Software Security is increasingly relevant. At the same time, Embedded Systems are becoming not only ubiquitous but also pervasive. As a result, it is paramount that those systems are secured. The problem, however, is that existing solutions, as is, are inadequate for Embedded Systems. This course therefore aims at giving an overview of the state of the art of Software Security and, subsequently, showing how these solutions can be adapted and evaluated in the context of Embedded Systems. Abstract: Software Security is a central topic in the security of systems as a whole. Attacks that exploit vulnerabilities in code are increasingly frequent, and Software Security is therefore increasingly relevant. In parallel, Embedded Systems are increasingly part of our lives and tend to become, in practice, ubiquitous. Therefore, the security of these devices is of utmost importance. The proposals of