Taming the Enemy: Framework for Comparative Analysis of Safe String Libraries

Formal Methods for Safety and Security

Abstract

Strings are of special concern in secure programming because they account for most of the data exchanged between an end user and a software system. Weaknesses in string representation and manipulation have led to a broad range of software vulnerabilities in C language programs. Over the years, several safe string libraries have been written in an attempt to prevent these vulnerabilities. The purpose of this work is to develop a framework for comparative analysis of safe string libraries. This encompasses (a) devising metrics for comparing safe string libraries and (b) creating and executing test suites for each library under consideration in order to calculate the comparative metrics. This framework can be used as a sound basis for recommending the usage of a composition of specific safe string libraries.

Correspondence to Manupriya Srivastava.

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this chapter

Cite this chapter

Srivastava, M., Rajani, T., Anitha Kumari, S.N., Viswanathan, C., Rakshit, S. (2018). Taming the Enemy: Framework for Comparative Analysis of Safe String Libraries. In: Nanda, M., Jeppu, Y. (eds) Formal Methods for Safety and Security. Springer, Singapore. https://doi.org/10.1007/978-981-10-4121-1_3

  • DOI: https://doi.org/10.1007/978-981-10-4121-1_3

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-4120-4

  • Online ISBN: 978-981-10-4121-1

  • eBook Packages: Engineering, Engineering (R0)