Taming the Enemy: Framework for Comparative Analysis of Safe String Libraries

Strings are of special concern in secure programming because they account for most of the data exchanged between an end user and a software system. Weaknesses in string representation and manipulation have led to a broad range of software vulnerabilities in C language programs. Over the years, several safe string libraries have been written in an attempt to prevent these vulnerabilities. The purpose of this work is to develop a framework for comparative analysis of safe string libraries. This encompasses (a) devising metrics for comparison of safe string libraries (b) creation and execution of testsuites for each library under consideration with the purpose of calculating the comparative metrics. This framework can be used as a sound basis for recommending the usage of a composition of specific safe string libraries.