The Georgia Tech group discovered a new class of C++ vulnerabilities that are browser-based.
Dynamic casts are checked at runtime for correctness, but they also incur a performance overhead.
That pointer can then be used to corrupt the memory of the process.
This, in turn, can lead to bad-casting or type-confusion vulnerabilities.
Hence, the group also developed CaVer, a runtime-based bad-casting detection tool.
The findings and introduction of the new tool are further detailed in their research paper.
The prize was awarded at the 24th USENIX Security Symposium.
As an industry, we need to invest in those kinds of solutions that scale.
source: www.techworm.net