DOI: 10.1145/1297027.1297072
Article

Living in the comfort zone

Published: 21 October 2007

ABSTRACT

A comfort zone is a tested region of a system's input space within which it has been observed to behave acceptably. To keep systems operating within their comfort zones, we advocate the interposition of rectifiers between systems and their input sources. Rectifiers are designed to transform inputs to ensure that they are within the comfort zone before they are presented to the system. Rectifiers enforce a highly constrained input format and, if necessary, discard information to force inputs to conform to this format. Potential benefits of this approach include the elimination of errors and vulnerabilities, the excision of undesirable excess functionality from large, complex systems, and a simplification of the computing environment.

We have developed a rectifier for email messages and used this rectifier to force messages into a specific constrained form. Our results show that this rectifier can successfully produce messages that keep the Pine email client strictly within code previously confirmed (during a small testing and training session) to function acceptably. Our results also show that the rectifier completely eliminates a security vulnerability in the Pine email client. And finally, the rectifier is able to accomplish these goals while still preserving an acceptable amount of information from the original messages.
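The rectifier idea from the abstract, sketched as an added example that is not the paper's implementation: a Python function that rebuilds an email in a fixed, narrow format and discards whatever does not fit. The allowed header set, the length limits and the sample message are assumptions chosen for illustration.

```python
import re
from email import message_from_string

# Assumed comfort zone (hypothetical limits, not the paper's): a fixed header
# set, bounded lengths, printable ASCII only, one plain-text body.
ALLOWED_HEADERS = ("From", "To", "Subject", "Date")
MAX_HEADER_LEN = 128
MAX_LINE_LEN = 78
MAX_BODY_LINES = 200
_UNSAFE = re.compile(r"[^\x20-\x7e]")

# Constructed sample: oversized From, unknown header, control character,
# and an HTML alternative part.
SAMPLE = (
    "From: " + "A" * 500 + " <a@example.com>\n"
    "X-Script: run-me\n"
    "Subject: hello\tworld\x07\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b"\n'
    "\n--b\nContent-Type: text/plain\n\nplain text body\n"
    "--b\nContent-Type: text/html\n\n<b>html body</b>\n--b--\n"
)


def _clean(text, limit):
    """Replace anything outside printable ASCII and truncate to limit."""
    return _UNSAFE.sub("?", text)[:limit]


def _first_text_part(msg):
    """Return the first text/plain leaf; every other part is discarded."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.is_multipart():
            payload = part.get_payload(decode=True) or b""
            return payload.decode("ascii", errors="replace")
    return ""


def rectify(raw):
    """Rebuild a message in the constrained format, dropping what does not fit."""
    msg = message_from_string(raw)
    out = []
    for name in ALLOWED_HEADERS:
        # Unfold and collapse whitespace so each header is a single line.
        value = " ".join(str(msg.get(name, "")).split())
        out.append(f"{name}: {_clean(value, MAX_HEADER_LEN)}")
    out.append("")
    body = _first_text_part(msg).splitlines()[:MAX_BODY_LINES]
    out.extend(_clean(line, MAX_LINE_LEN) for line in body)
    return "\n".join(out) + "\n"
```

Because the output is rebuilt from an allow-list rather than filtered from the input, running `rectify` on its own output returns it unchanged, which is a useful property to test for any rectifier.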

