Integer overflows in commodity software are a main source for software bugs, which can result in exploitable memory corruption vulnerabilities and may eventually contribute to powerful software based exploits, i.e., code reuse attacks (CRAs). In this paper, we present INTGUARD, a symbolic execution based tool that can repair integer overflows with high-quality source code repairs. Specifically,...

To help people find code that they might want to reuse, repositories of end-user code typically sort scripts by number of downloads, ratings, or other information based on prior uses of the code. However, this information is unavailable when code is new or when it has not yet been reused. Addressing this problem requires identifying reusable code based solely on information that exists when a s...

Numerous discrepancies exist between expert opinion and empirical data reported in Morisio et al.’s recent TSE article. The differences related to what factors encouraged successful reuse in software organizations. This note describes how those differences were detected and comments on their methodological implications.

When one uses informal methods to retrieve a component that satisses some requirements out of a software reuse library, one cannot distinguish between the retrieved components that do satisfy the requirements and those that merely approximate the requirements (i.e. almost satisfy them). On the other hand, if one uses formal retrieval methods based on precise speciications of components and quer...

This paper provides a survey of methods and tools for automated code-reuse exploit generation. Such exploits use code that is already contained in vulnerable program. The approach allows one to vulnerabilities the presence operating system protection prohibits data memory execution. contains description various methods: return-to-libc attack, return-oriented programming, jump-oriented others. W...

The concept of systematic software reuse is simple: the idea of building and using "software preferred parts." By building systems out of carefully designed, pre-tested components, one will save the cost of designing, writing and testing new code. The practice of reuse has not proven to be this simple however, and there are many misconceptions about how to implement and gain benefit from softwa...

It is clear that Free Libre / Open Source Software (FLOSS) has been demonstrating increasing importance continually for some years now. As a result, millions of lines of code are becoming available online. In many cases, this code, is carefully designed, implemented, tested and therefore represents a very good option for reusability. Lately, more and more companies, especially Small and Medium ...

Writing data structures for abstract syntax trees (ASTs) in a conventional OO programming language is tedious and error-prone. Hence, programmers often use AST generators to generate OO code from a higher-level description. This article argues that the existing AST generators do not provide good support for programs that manipulate several similar structural variations of an AST. Using a conven...