Abstract
Strings are of special concern in secure programming because they account for most of the data exchanged between an end user and a software system. Weaknesses in string representation and manipulation have led to a broad range of software vulnerabilities in C language programs. Over the years, several safe string libraries have been written in an attempt to prevent these vulnerabilities. The purpose of this work is to develop a framework for comparative analysis of safe string libraries. This encompasses (a) devising metrics for comparing safe string libraries and (b) creating and executing test suites for each library under consideration in order to calculate the comparative metrics. This framework can be used as a sound basis for recommending the usage of a composition of specific safe string libraries.
© 2018 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Srivastava, M., Rajani, T., Anitha Kumari, S.N., Viswanathan, C., Rakshit, S. (2018). Taming the Enemy: Framework for Comparative Analysis of Safe String Libraries. In: Nanda, M., Jeppu, Y. (eds) Formal Methods for Safety and Security. Springer, Singapore. https://doi.org/10.1007/978-981-10-4121-1_3
DOI: https://doi.org/10.1007/978-981-10-4121-1_3
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-4120-4
Online ISBN: 978-981-10-4121-1
eBook Packages: Engineering, Engineering (R0)