Sign In

Communications of the ACM

ACM TechNews

Georgia Tech Finds 11 Security Flaws in Popular Internet Browsers Using New Analysis Method


Reviewing code with a magnifying glass.

Ph.D. students and professors at the College of Computing at the Georgia Institute of Technology recently were honored for exploring vulnerabilities in C++.

Credit: iStock

Georgia Institute of Technology researchers have received $100,000 from Facebook to continue research that will help make the Internet safer.

Ph.D. students Byoungyoung Lee and Chengyu Song, with professors Taesoo Kim and Wenke Lee from the College of Computing, were recently honored with the Internet Defense Prize at the 24th USENIX Security Symposium in Washington, D.C. Their research explores vulnerabilities in C++ program, such as Chrome and Firefox, that result from "bad casting" or "type confusion." The team has developed a new proprietary detection tool, called CAVER, to catch them.

CAVER is a run-time detection tool with 7.6 percent to 64.6 percent overhead on browser performance on Chrome and Firefox, respectively. The researchers discovered 11 previously unknown Internet browser security flaws.

"Our work studied the much harder and deeper bugs- in particular 'use-after-free' and 'bad casting'--and our tools discovered serious security bugs in widely used software, such as Firefox and libstdc++," says professor Lee.

Vendors have confirmed and fixed the identified vulnerabilities.

"The security research community has been working on various ways to detect and fix memory safety bugs for decades, and have made progress on 'stack overflow' and 'heap overflow' bugs, but these have now become relatively easy problems," professor Lee notes.

From Georgia Tech News Center
View Full Article

 

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 

No entries found