Paul Muntean

Learn More
Static analysis tools used for detecting information exposure bugs can help software engineers detecting bugs without introducing run-time overhead. Such tools can make the detection of information-flow bugs faster and cheaper without having to provide user input in order to trigger the bug detection. In this paper we present a bug-detection tool for(More)
—Information flow vulnerabilities in UML state charts and C code are detrimental as they can cause data leakages or unexpected program behavior. Detecting such vulnerabilities with static code analysis techniques is challenging because code is usually not available during the software design phase and previous knowledge about what should be annotated and(More)
The working package AP 5.1.3 deals with descriptions of security requirements on the modeling level of UML statecharts as well as with automatic checking of UML statecharts against such descriptions. We use textual annotations to introduce information-flow constraints in UML stat-echarts. The constraints concern mainly authentication, declassification, and(More)
In many C programs, debugging requires significant effort and can consume a lot of time. Even if the bug's cause is known, detecting a bug in such programs and generating a bug fix patch manually is a tedious task. In this paper, we present a novel approach used to generate bug fixes for buffer overflow automatically using static execution, code patch(More)
Nowadays control-flow hijacking attacks represents the highest software-based security threat [16]. For this reason we want to develop a tool that can asses the attack surface reduction (Q: Which useful code parts for an attack are still available after a hardening policy was applied to an executable?) w.r.t. the attack dubbed, Counterfeit Object-Oriented(More)
This work package presents an information exposure checker which is designed to detect information exposures in C/C++ code. Information flow vulnerabilities in C code are detrimental as they can cause data leakages or unexpected program behavior. Detecting such vulnerabilities with static code analysis techniques is challenging because of complex control(More)
Integer overflow errors in C programs are difficult to detect since the C language specification rules which govern how one can cast or promote integer types are not accompanied by any unambiguous set of formal rules. Thus, making it difficult for the programmer to understand and use the rules correctly causing vulnerabilities or costly errors. Although(More)