The Proceedings of the Information Systems Education Conference 2006: §2325
Fri, Nov 3, 12:00 - 12:25, Bordeaux     Paper (refereed)
Recommended Citation: Werner, L A and C E Frank. What Dick and Jane Don't Know About Integers. In The Proceedings of the Information Systems Education Conference 2006, v 23 (Dallas): §2325. ISSN: 1542-7382. (A later version appears in Information Systems Education Journal 6(30). ISSN: 1545-679X.)

What Dick and Jane Don't Know About Integers

Refereed, 7 pages
Laurie A. Werner
Department of Computer and Information Technology
Miami University Hamilton
Hamilton, Ohio, USA

Charles E. Frank
Department of Computer Science
Northern Kentucky University
Highland Heights, Kentucky, USA

The integer data type is ostensibly very simple, but integers can easily overflow in a simple program. A malicious user can manipulate an unchecked integer input so that it overflows, which can produce a security breach. An integer overflow can also cause a program to crash. In recent years, integer overflows resulted in more than two hundred recorded vulnerabilities. Integer overflow is a challenging topic to address when teaching C/C++ or Java in an introductory software development course. Most novice students are unaware that simple integer input or calculations can generate errors or, worse yet, silently introduce a vulnerability into a system. This paper describes laboratory exercises that inform students about the nuances of integer behavior and how these can lead to security vulnerabilities. We illustrate techniques that educators can use to teach students to discover integer overflows and replace them with robust code. Even at the introductory level, we can reinforce a secure coding frame of mind such that our students will never blindly trust user input or perform calculations that generate integer overflows.

Keywords: integer overflow, security education, introductory programming, secure programming, Java, C, C++
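
The silent overflow the abstract describes, next to checked replacements, as an added example in C (not code from the paper). The function names and the byte-count scenario are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked: unsigned arithmetic wraps modulo 2^N, so a large count
   silently yields a small byte total. */
size_t total_bytes_unchecked(size_t count, size_t item_size) {
    return count * item_size;
}

/* Checked: refuse the multiplication when the product cannot fit. */
bool total_bytes_checked(size_t count, size_t item_size, size_t *out) {
    if (item_size != 0 && count > SIZE_MAX / item_size)
        return false;
    *out = count * item_size;
    return true;
}

/* Checked signed addition: test before adding, because signed overflow
   is undefined behaviour in C and cannot be detected afterwards. */
bool add_int_checked(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Parse untrusted text into an int within [lo, hi]; rejects empty input,
   trailing junk, and values too large for long or outside the range. */
bool parse_int_in_range(const char *text, int lo, int hi, int *out) {
    char *end = NULL;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE || v < lo || v > hi)
        return false;
    *out = (int)v;
    return true;
}

int main(void) {
    size_t big = SIZE_MAX / 2 + 1, n = 0;   /* constructed hostile count */
    printf("unchecked: %zu bytes\n", total_bytes_unchecked(big, 2));
    printf("checked accepts: %d\n", total_bytes_checked(big, 2, &n));
    return 0;
}
```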
