Compiler-generated Input Validation Vulnerability Analysis
Open Access
- Author:
- Betts, Michael X
- Area of Honors:
- Electrical Engineering
- Degree:
- Bachelor of Science
- Document Type:
- Thesis
- Thesis Supervisors:
- Daniel Patrick Koller, Thesis Supervisor
Jeffrey Scott Mayer, Thesis Honors Advisor - Keywords:
- Compilers
Computer Security
C++ - Abstract:
- As the usage of modern computer systems increases and more and more people delve into the art of programming, the impetus to increase the operating speed of programs has increased. One of the ways that this desire to increase program speed has affected programmers is the proliferation and increasing complexity of optimization options available in compilers. A compiler is a program that turns the human-readable pieces of code that developers write into the binary instructions that a computer runs. The existence of compiler programs allows code to run on different machines and speeds up the writing of code. When an optimizer is added to a compiler, the compiler will attempt to create machine code that the machine can run more efficiently than the code that would otherwise be generated by a literal translation of the programming code. As the sophistication of these optimizers increases, poorly written code that contains errors that would not otherwise hamper the program’s output can be turned into significant security holes. These vulnerabilities have affected many pieces of code, including the Linux kernel. This project aims to begin an examination of how these errors are created, and the programming logic that can result in these security holes.