
As-If Infinitely Ranged Integer Model, Second Edition

Technical Note
In this report, the authors present the as-if infinitely ranged (AIR) integer model, a mechanism for eliminating integral exceptional conditions.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2010-TN-008
DOI (Digital Object Identifier)
10.1184/R1/6572048.v1

Abstract

Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. This report presents the as-if infinitely ranged (AIR) integer model that provides a largely automated mechanism for eliminating integer overflow and truncation and other integral exceptional conditions. The AIR integer model either produces a value equivalent to that obtained using infinitely ranged integers or results in a runtime-constraint violation. Instrumented fuzz testing of libraries that have been compiled using a prototype AIR integer compiler has been effective in discovering vulnerabilities in software with low false positive and false negative rates. Furthermore, the runtime overhead of the AIR integer model is low enough for typical applications to enable it in deployed systems for additional runtime protection.
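An added illustration of the rule the abstract states, not code from the report or its prototype compiler: each helper either yields the value infinitely ranged integers would give or reports a violation instead of a wrapped or truncated result. The `air_*` names, the status enum and the sample operands are assumptions made for this example, and the 64-bit intermediate is simply one way to obtain the exact value for 32-bit operands.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; a violation is modelled as a status code, not a handler call. */
typedef enum { AIR_OK = 0, AIR_VIOLATION = 1 } air_status;

/* Narrow to int32_t only when the value is preserved exactly. */
air_status air_to_i32(int64_t wide, int32_t *out) {
    if (wide < INT32_MIN || wide > INT32_MAX) return AIR_VIOLATION;
    *out = (int32_t)wide;
    return AIR_OK;
}

/* Truncation check: narrow to uint16_t only when no bits or sign are lost. */
air_status air_to_u16(int64_t wide, uint16_t *out) {
    if (wide < 0 || wide > UINT16_MAX) return AIR_VIOLATION;
    *out = (uint16_t)wide;
    return AIR_OK;
}

/* count * size + header, evaluated exactly and then range-checked.
   For 32-bit operands the exact value always fits in 64 bits. */
air_status air_alloc_len(int32_t count, int32_t size, int32_t header,
                         int32_t *out) {
    int64_t exact = (int64_t)count * size + header;
    return air_to_i32(exact, out);
}

/* The same expression with 32-bit wrapping arithmetic, for contrast. */
int32_t wrapping_alloc_len(int32_t count, int32_t size, int32_t header) {
    return (int32_t)((uint32_t)count * (uint32_t)size + (uint32_t)header);
}

int main(void) {
    int32_t len = 0;
    /* Constructed operands: 65536 * 65536 wraps to 0 in 32 bits. */
    printf("wrapping: %d\n", (int)wrapping_alloc_len(65536, 65536, 16));
    printf("checked:  %s\n",
           air_alloc_len(65536, 65536, 16, &len) == AIR_OK ? "ok" : "violation");
    /* The product alone exceeds INT32_MAX, but the final value is representable. */
    if (air_alloc_len(65536, 32768, -1, &len) == AIR_OK)
        printf("exact:    %d\n", (int)len);
    return 0;
}
```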

Prototype
GCC 4.5.0

Cite This Technical Note

Dannenberg, R., Dormann, W., Keaton, D., Plum, T., Seacord, R., Svoboda, D., Volkovitsky, A., & Wilson, T. (2010, April 1). As-If Infinitely Ranged Integer Model, Second Edition. (Technical Note CMU/SEI-2010-TN-008). Retrieved April 16, 2024, from https://doi.org/10.1184/R1/6572048.v1.

@techreport{dannenberg_2010,
author={Dannenberg, Roger and Dormann, William and Keaton, David and Plum, Thomas and Seacord, Robert and Svoboda, David and Volkovitsky, Alex and Wilson, Timothy},
title={As-If Infinitely Ranged Integer Model, Second Edition},
month={Apr},
year={2010},
number={CMU/SEI-2010-TN-008},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6572048.v1},
note={Accessed: 2024-Apr-16}
}
