Specifications for Managed Strings, Second Edition

This report describes a managed string library for the C programming language. Many software vulnerabilities in C programs result from the misuse of manipulation functions for standard C strings. Programming errors common to string-manipulation logic include buffer overflow, truncation errors, string termination errors, and improper data sanitization. The managed string library provides mechanisms to eliminate or mitigate these problems and improve system security. The CERT Program, which is part of the Carnegie Mellon Software Engineering Institute, provides a proof-of-concept implementation of the managed string library on its Secure Coding web pages.

Authors

Hal Burch

Fred Long

Raunak Rungta

Robert C. Seacord

David Svoboda

This report is related to the following area(s) of work:

Security and Survivability

Technical Report
CMU/SEI-2010-TR-018
May 2010

Cite This Report

SEI:

Burch, Hal; Long, Fred; Rungta, Raunak; Seacord, Robert; & Svoboda, David. Specifications for Managed Strings, Second Edition (CMU/SEI-2010-TR-018). Software Engineering Institute, Carnegie Mellon University, 2010. http://www.sei.cmu.edu/library/abstracts/reports/10tr018.cfm

IEEE:

H. Burch, F. Long, R. Rungta, R. Seacord, and D. Svoboda, "Specifications for Managed Strings, Second Edition," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2010-TR-018, 2010. http://www.sei.cmu.edu/library/abstracts/reports/10tr018.cfm

APA:

Burch, H., Long, F., Rungta, R., Seacord, R., & Svoboda, D. (2010). Specifications for Managed Strings, Second Edition (CMU/SEI-2010-TR-018). Retrieved May 23, 2012, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/10tr018.cfm

CHI:

Burch, Hal, Fred Long, Raunak Rungta, Robert Seacord, and David Svoboda. Specifications for Managed Strings, Second Edition (CMU/SEI-2010-TR-018). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2010. http://www.sei.cmu.edu/library/abstracts/reports/10tr018.cfm

MLA:

Burch, H., Long, F., Rungta, R., Seacord, R., & Svoboda, D. 2010. Specifications for Managed Strings, Second Edition (Technical Report CMU/SEI-2010-TR-018). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/10tr018.cfm
