"It is time for the Internet community to start addressing the more difficult, deeper security problems," Wenke Lee, professor at the School of Computer Science and research team adviser, told Phys.org. "The security research community has been working on various ways to detect and fix memory safety bugs for decades, and have made progress on 'stack overflow' and 'heap overflow' bugs, but these have now become relatively easy problems. Our work studied the much harder and deeper bugs — in particular 'use-after-free' and 'bad casting' — and our tools discovered serious security bugs in widely used software.”
How did researchers discover 11 new security vulnerabilities in popular Internet browsers like Firefox and Chrome?
Answer: by looking deeper
Four Ph.D. students at the Georgia Institute of Technology College of Computing discovered 11 previously unknown security vulnerabilities affecting memory corruption in C++ programs, such as Mozilla Firefox and Google Chrome. The vulnerabilities have now been fixed and the team was awarded the 2015 $100,000 Internet Defense Prize from Facebook.
"It is time for the Internet community to start addressing the more difficult, deeper security problems," Wenke Lee, professor at the School of Computer Science and research team adviser, told Phys.org. "The security research community has been working on various ways to detect and fix memory safety bugs for decades, and have made progress on 'stack overflow' and 'heap overflow' bugs, but these have now become relatively easy problems. Our work studied the much harder and deeper bugs — in particular 'use-after-free' and 'bad casting' — and our tools discovered serious security bugs in widely used software.”
"It is time for the Internet community to start addressing the more difficult, deeper security problems," Wenke Lee, professor at the School of Computer Science and research team adviser, told Phys.org. "The security research community has been working on various ways to detect and fix memory safety bugs for decades, and have made progress on 'stack overflow' and 'heap overflow' bugs, but these have now become relatively easy problems. Our work studied the much harder and deeper bugs — in particular 'use-after-free' and 'bad casting' — and our tools discovered serious security bugs in widely used software.”
