USENIX Conference Policies
MINESTRONE: Testing the SOUP
Azzedine Benameur, Nathan S. Evans, Matthew C. Elder, Symantec Research Labs
Software development using type-unsafe languages (e.g., C and C++) is a challenging task for several reasons, security being one of the most important. Ensuring that a piece of code is bug or vulnerability free is one of the most critical aspects of software engineering. While most software development life cycle processes address security early on in the requirement analysis phase and refine it during testing, it is not always sufficient. Therefore the use of commercial security tools has been widely adopted by the software industry to help identify vulnerabilities, but they often have a high false-positive rate and have limited effectiveness. In this paper we present MINESTRONE, a novel architecture that integrates static analysis, dynamic confinement, and code diversification to identify, mitigate, and contain a broad class of software vulnerabilities in Software Of Uncertain Provenance (SOUP). MINESTRONE has been tested against an extensive test suite and showed promising results. MINESTRONE showed an improvement of 34.6% over the state-of-the art for memory corruption bugs that are commonly exploited.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Azzedine Benameur and Nathan S. Evans and Matthew C. Elder},
title = {{MINESTRONE}: Testing the {SOUP}},
booktitle = {6th Workshop on Cyber Security Experimentation and Test (CSET 13)},
year = {2013},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/cset13/workshop-program/presentation/benameur},
publisher = {USENIX Association},
month = aug
}