CS 501
Software Engineering
Fall 2000

Project Suggestions

GrammaTech



GrammaTech is an Ithaca company that provides innovative software development tools for commercial software developers, government agencies, and leading universities. GrammaTech's products are language-based, meaning they understand the rules and structures of a particular programming language's semantics. This enables GrammaTech tools to automate many tasks that most engineers still perform manually with conventional text-based tools. For further information see: http://www.grammatech.com/

Two projects have been proposed:

1.  A Tool for Statically Detecting Possible Buffer Overruns

Client

GrammaTech, Inc., Ithaca, NY
Professor Tim Teitelbaum (tt@grammatech.com)
Cornell: (607) 255-7573; 4143 Upson Hall
GrammaTech: (607) 273-7340; 317 North Aurora St.

Project outline

Many cyber attacks employ buffer overruns to seize control of an application by exploiting the lack of subscript bounds checking in C programs (see http://www.infowar.co.uk/mnemonix/rasbo.htm). The goal of this project is to build a tool for statically detecting possible buffer overruns in ANSI C programs. Current simplistic approaches to the problem just use lexical scanning to locate possibly exploitable code fragments (e.g., uses of strcpy instead of strncpy). In contrast, this project will start with the deep-structure program representations computed by CodeSurfer, GrammaTech's source code understanding, inspection, and analysis tool (http://www.grammatech.com/products/codesurfer). CodeSurfer exposes the results of its global program analyses (e.g., syntax, pointer, control-flow, and data-flow analyses) as a collection of Scheme abstract data types, and provides a GUI for browsing the code according to its semantic structure. Your project will use this information and GUI to build the most effective buffer-overrun detection tool you can.
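The limits of the lexical approach mentioned above can be seen in a short added example (not part of the original project description and not CodeSurfer code). The function count_calls and both source snippets are constructed for illustration: a token-only scan flags a strcpy whose copy always fits, and reports nothing for code with no strcpy call that can still write past its buffer.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Count calls to `name` in C source text using token matching only,
   which is all a lexical scanner knows about the program. */
static int count_calls(const char *src, const char *name)
{
    size_t n = strlen(name);
    int hits = 0;
    const char *p = src;

    while ((p = strstr(p, name)) != NULL) {
        /* Reject matches inside a longer identifier, e.g. my_strcpy. */
        int starts_token = (p == src) ||
            !(isalnum((unsigned char)p[-1]) || p[-1] == '_');
        const char *q = p + n;
        while (*q == ' ' || *q == '\t')
            q++;
        if (starts_token && *q == '(')
            hits++;
        p += n;
    }
    return hits;
}

/* Constructed sample: the copy always fits (6 bytes into 16). */
static const char SAFE_STRCPY[] =
    "char dst[16];\n"
    "strcpy(dst, \"hello\");\n";

/* Constructed sample: no strcpy, but the strncpy bound is the source
   length, and the loop writes dst[i] with no check against 8. */
static const char UNSAFE_NO_STRCPY[] =
    "char dst[8];\n"
    "strncpy(dst, src, strlen(src));\n"
    "for (i = 0; src[i] != '\\0'; i++) dst[i] = src[i];\n";

int main(void)
{
    printf("safe snippet flagged:   %d\n", count_calls(SAFE_STRCPY, "strcpy"));
    printf("unsafe snippet flagged: %d\n", count_calls(UNSAFE_NO_STRCPY, "strcpy"));
    return 0;
}
```

Deciding either case correctly requires knowing the buffer size and the range of the length or index at the write, which is the kind of information the data-flow and pointer analyses described above are meant to supply.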

2.  A Program Understanding, Analysis, and Inspection Tool for Machine Code

Client

GrammaTech, Inc., Ithaca, NY
Professor Tim Teitelbaum (tt@grammatech.com)
Cornell: (607) 255-7573; 4143 Upson Hall
GrammaTech: (607) 273-7340; 317 North Aurora St.

Project outline

CodeSurfer is a tool for understanding ANSI C programs (http://www.grammatech.com/products/codesurfer). It works by preprocessing and compiling your project into a deep-structure intermediate form that explicitly represents dependences in your program --- exactly the sort of dependences you are always trying to track down when trying to understand a program. This project involves extending CodeSurfer to support assembler-language (or machine-language) programs. Such an extension would be useful for understanding (say) embedded systems programs in which mixed C and assembler programs are common, or for inspecting firmware for malicious code.



William Y. Arms

(wya@cs.cornell.edu)
Last changed: August 23, 2000