The bugs we have to kill

• Autores: Sergey Bratus, Meredith L. Patterson, Anna Shubina
• Localización: ;login:: the magazine of USENIX & SAGE, ISSN 1044-6397, Vol. 40, Nº. 4, 2015 (Ejemplar dedicado a: Security and sisadmin), págs. 4-10
• Idioma: inglés
• Texto completo no disponible (Saber más ...)
• Resumen

  • The code that parses inputs is the first and often the only protection for the rest of a program from malicious inputs. No programmer can afford to verify every implied condition on every line of code—even if this were possible to implement without slowing execution to a crawl. The parser is the part that is supposed to create a world for the rest of the program where all these implied conditions are true and need not be explicitly checked at every turn. Sadly, this is exactly where most parsers fail, and the rest of the program fails with them. In this article, we explain why parsers continue to be such a problem, as well as point to potential solutions that can kill large classes of bugs.