*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Title: A Framework for Analyzing Undefined Behavior in C Software
Committee:
Dr. Keromytis, Advisor
Dr. Monrose, Chair
Dr. Frank Li
Abstract: The objective of the proposed research is to develop a program analysis framework to reason about undefined behavior. Undefined behavior in the C programming language is behavior which is not defined by the language's standard. Reliance on undefined behavior by the programmer may result in behavior that is unintended by the programmer and can introduce vulnerabilities in the software. Despite the abundance of research on software bugs and vulnerabilities, little research has been conducted on undefined behavior apart from a large amount of research focusing on a few well-known vulnerabilities. The proposed research will create a taxonomy of undefined behavior and develop static and dynamic program analyses to determine the security impacts of undefined behavior. It will demonstrate that a program analysis framework can statically detect undefined behavior in program binaries, find vulnerabilities caused by undefined behavior with fuzzing, and enable program equivalence checking in the presence of undefined behavior.
