ABSTRACT
A comfort zone is a tested region of a system's input space within which it has been observed to behave acceptably. To keep systems operating within their comfort zones, we advocate the interposition of rectifiers between systems and their input sources. Rectifiers are designed to transform inputs to ensure that they are within the comfort zone before they are presented to the system. Rectifiers enforce a highly constrained input format and, if necessary, discard information to force inputs to conform to this format. Potential benefits of this approach include the elimination of errors and vulnerabilities, the excision of undesirable excess functionality from large, complex systems, and a simplification of the computing environment.
We have developed a rectifier for email messages and used this rectifier to force messages into a specific constrained form. Our results show that this rectifier can successfully produce messages that keep the Pine email client strictly within code previously confirmed (during a small testing and training session) to function acceptably. Our results also show that the rectifier completely eliminates a security vulnerability in the Pine email client. And finally, the rectifier is able to accomplish these goals while still preserving an acceptable amount of information from the original messages.
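A minimal sketch of an email rectifier in the sense described above, added here as an illustration and not the authors' implementation. The abstract does not specify the constrained form, so the allowed headers, length limits and printable-ASCII rule below are assumptions.

```python
import email
import re

# Assumed comfort-zone format (not from the paper): four fixed headers,
# single-line printable-ASCII values, bounded lengths, plain-text body only.
ALLOWED_HEADERS = ("From", "To", "Subject", "Date")
MAX_HEADER_LEN, MAX_LINE_LEN, MAX_BODY_LINES = 128, 78, 200
_NON_PRINTABLE = re.compile(r"[^\x20-\x7e]")

def _clean(text, limit):
    """Collapse whitespace, replace non-printable characters, truncate."""
    return _NON_PRINTABLE.sub("?", " ".join(str(text).split()))[:limit]

def _first_plain_text(msg):
    """Return the first inline text/plain part; all other parts are discarded."""
    for part in msg.walk():
        if (part.is_multipart() or part.get_content_type() != "text/plain"
                or part.get_content_disposition() == "attachment"):
            continue
        payload = part.get_payload(decode=True) or b""
        return payload.decode("ascii", errors="replace")
    return ""

def rectify(raw: bytes) -> str:
    """Rebuild the message from scratch so only the constrained form survives."""
    msg = email.message_from_bytes(raw)
    lines = [f"{h}: {_clean(msg.get(h, ''), MAX_HEADER_LEN)}"
             for h in ALLOWED_HEADERS]
    lines.append("")  # header/body separator
    body = _first_plain_text(msg).splitlines()[:MAX_BODY_LINES]
    lines.extend(_clean(line, MAX_LINE_LEN) for line in body)
    return "\n".join(lines) + "\n"

# Constructed sample: overlong From, unlisted header, raw 0xff byte, HTML part.
SAMPLE = (
    b"From: \"" + b"A" * 300 + b"\" <a@example.com>\r\n"
    b"To: b@example.com\r\n"
    b"Subject: hi\tthere\r\n"
    b"X-Custom: drop me\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/mixed; boundary=\"B\"\r\n\r\n"
    b"--B\r\nContent-Type: text/plain\r\n\r\nhello \xff world\r\n"
    b"--B\r\nContent-Type: text/html\r\n\r\n<script>x</script>\r\n"
    b"--B--\r\n"
)

if __name__ == "__main__":
    print(rectify(SAMPLE), end="")
```

The output is rebuilt from an allowlist instead of being filtered from the original, so anything the rectifier does not explicitly copy never reaches the mail client; rectifying an already rectified message returns it unchanged.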
Living in the comfort zone. Proceedings of the 2007 OOPSLA conference.