
Communications of the ACM

ACM TechNews

Georgia Tech Finds 11 Security Flaws in Popular Internet Browsers Using New Analysis Method



Ph.D. students and professors at the College of Computing at the Georgia Institute of Technology recently were honored for exploring vulnerabilities in C++.


Georgia Institute of Technology researchers have received $100,000 from Facebook to continue research that will help make the Internet safer.

Ph.D. students Byoungyoung Lee and Chengyu Song, with professors Taesoo Kim and Wenke Lee from the College of Computing, were recently honored with the Internet Defense Prize at the 24th USENIX Security Symposium in Washington, D.C. Their research explores vulnerabilities in C++ programs, such as Chrome and Firefox, that result from "bad casting" or "type confusion." The team has developed a new proprietary detection tool, called CAVER, to catch them.

CAVER is a run-time detection tool that imposes 7.6 percent and 64.6 percent overhead on browser performance for Chrome and Firefox, respectively. The researchers discovered 11 previously unknown Internet browser security flaws.

"Our work studied the much harder and deeper bugs--in particular 'use-after-free' and 'bad casting'--and our tools discovered serious security bugs in widely used software, such as Firefox and libstdc++," says professor Lee.

Vendors have confirmed and fixed the identified vulnerabilities.

"The security research community has been working on various ways to detect and fix memory safety bugs for decades, and has made progress on 'stack overflow' and 'heap overflow' bugs, but these have now become relatively easy problems," professor Lee notes.

From Georgia Tech News Center

 

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 
