Robert C. Seacord
Producing secure programs in C and C++
Wednesday, April 30, 2008
Building 3 Auditorium - 3:30 PM
(Refreshments at 3:00 PM)
Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This presentation describes common errors in manipulating null-terminated byte strings in C and C++, how these errors can lead to vulnerabilities such as buffer overflows, and how these can be exploited using code and arc injection techniques.
Robert C. Seacord is a senior vulnerability analyst at the CERT/Coordination Center (CERT/CC) at the Software Engineering Institute (SEI) in Pittsburgh, PA. Robert is the author of Secure Coding in C and C++ (Addison-Wesley, 2005) and coauthor of Building Systems from Commercial Components (Addison-Wesley, 2002) and Modernizing Legacy Systems (Addison-Wesley, 2003), as well as more than 50 papers on software security, component-based software engineering, Web-based system design, legacy-system modernization, component repositories and search engines, and user interface design and development.
Robert started programming professionally for IBM in 1982, working in communications and operating system software, processor development, and software engineering. Robert has also worked at the X Consortium, where he developed and maintained code for the Common Desktop Environment and the X Window System. He is also actively involved in the JTC1/SC22/WG14 international standardization working group for the C programming language.
IS&T Colloquium Committee Host: Ben Kobler