"New Tool Automatically Finds Buffer Overflow Vulnerabilities"

A team of researchers at Carnegie Mellon University's CyLab designed a new tool called SyRust to automatically check for memory bugs—the types of bugs that can lead to buffer overflow exploits. Their tool specifically checks for such bugs in Rust libraries. The team's goal is to automatically find memory bugs that can result in security vulnerabilities in Rust libraries, as checking for these bugs manually, is said to be inefficient and time-consuming. Rust is an increasingly popular programming language that has been branded as both safe and efficient. CyLab's Limin Jia, a professor of electrical and computer engineering, pointed out that Rust only works if you write in the language's strict idioms. Rust developers usually require complex data structures for their software, but those structures and their operations are typically written using unsafe Rust that is not checked by the Rust compiler for memory safety bugs. SyRust can help by automatically generating unit tests for library APIs and testing library implementations for memory bugs. The team tried SyRust out on 30 popular libraries and discovered four new memory bugs. Although the tool has not been perfected yet, it is a step in the right direction. The SyRust tool does not generate enough tests to draw out all possible behaviors to ensure that a program contains no bugs. This article continues to discuss buffer overflow attacks, the Rust programming language, and the SyRust tool designed by CyLab researchers to automatically check for memory bugs in Rust libraries.

CyLab reports "New Tool Automatically Finds Buffer Overflow Vulnerabilities"