Sign In

Communications of the ACM

ACM TechNews

Georgia Tech Finds 11 Security Flaws in Popular Internet Browsers ­sing New Analysis Method


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Reviewing code with a magnifying glass.

Ph.D. students and professors at the College of Computing at the Georgia Institute of Technology recently were honored for exploring vulnerabilities in C++.

Credit: iStock

Georgia Institute of Technology researchers have received $100,000 from Facebook to continue research that will help make the Internet safer.

Ph.D. students Byoungyoung Lee and Chengyu Song, with professors Taesoo Kim and Wenke Lee from the College of Computing, were recently honored with the Internet Defense Prize at the 24th USENIX Security Symposium in Washington, D.C. Their research explores vulnerabilities in C++ program, such as Chrome and Firefox, that result from "bad casting" or "type confusion." The team has developed a new proprietary detection tool, called CAVER, to catch them.

CAVER is a run-time detection tool with 7.6 percent to 64.6 percent overhead on browser performance on Chrome and Firefox, respectively. The researchers discovered 11 previously unknown Internet browser security flaws.

"Our work studied the much harder and deeper bugs- in particular 'use-after-free' and 'bad casting'--and our tools discovered serious security bugs in widely used software, such as Firefox and libstdc++," says professor Lee.

Vendors have confirmed and fixed the identified vulnerabilities.

"The security research community has been working on various ways to detect and fix memory safety bugs for decades, and have made progress on 'stack overflow' and 'heap overflow' bugs, but these have now become relatively easy problems," professor Lee notes.

From Georgia Tech News Center
View Full Article

 

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 

No entries found