Abstract
Memory-related errors, such as buffer overflows and dangling pointers, remain one of the principal reasons for failures of C programs. As a result, a number of recent research efforts have focused on the problem of dynamic detection of memory errors in C programs. However, existing approaches suffer from one or more of the following problems: inability to detect all memory errors (e.g., Purify), requiring non-trivial modifications to existing C programs (e.g., Cyclone), changing the memory management model of C to use garbage collection (e.g., CCured), and excessive performance overheads. In this paper, we present a new approach that addresses these problems. Our approach operates via source code transformation and combines efficient data-structures with simple, localized optimizations to obtain good performance.
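The abstract describes the approach only at a high level: a source-to-source transformation that attaches metadata to pointers and inserts run-time checks, with efficient data structures keeping the cost down. The block below is an added illustration of that general class of transformation, not the paper's own code or data structures: it hand-applies the transformation to a buffer with an off-by-one loop and to a dangling pointer. The `cptr` type, the `check_access`/`checked_malloc`/`checked_free` helpers and the fixed-size allocation table are hypothetical, and the generation counter is one common way (not necessarily the paper's) to catch accesses through a pointer whose object has been freed and its address reused.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical "checked pointer": the raw pointer, the bounds of the object
 * it was derived from, and the generation of the allocation that created it. */
typedef struct {
    char *ptr;
    char *base;
    size_t size;
    unsigned gen;
} cptr;

enum { ACCESS_OK = 0, ERR_SPATIAL = 1, ERR_TEMPORAL = 2 };

/* Constructed toy allocation table: which object bases are live, and with
 * which generation. A real tool would use a scalable lookup structure. */
#define MAX_OBJS 16
typedef struct { char *base; unsigned gen; int live; } obj_rec;
static obj_rec objs[MAX_OBJS];
static unsigned next_gen = 1;

/* Index of the live table slot matching this pointer's object, or -1. */
static int slot_of(cptr c) {
    for (int i = 0; i < MAX_OBJS; i++)
        if (objs[i].live && objs[i].base == c.base && objs[i].gen == c.gen) return i;
    return -1;
}

/* Replacement the transformation would substitute for malloc(). */
static cptr checked_malloc(size_t n) {
    char *p = malloc(n);
    cptr c = { p, p, p ? n : 0, next_gen++ };
    for (int i = 0; p && i < MAX_OBJS; i++)
        if (!objs[i].live) { objs[i] = (obj_rec){ p, c.gen, 1 }; break; }
    return c;
}

/* Replacement for free(): refuses a double free or a free via a stale pointer. */
static int checked_free(cptr c) {
    int s = slot_of(c);
    if (s < 0) return ERR_TEMPORAL;
    objs[s].live = 0;
    free(c.base);
    return ACCESS_OK;
}

/* Guard emitted before each access of len bytes at c.ptr + off. */
static int check_access(cptr c, ptrdiff_t off, size_t len) {
    if (slot_of(c) < 0) return ERR_TEMPORAL;       /* object freed: dangling */
    ptrdiff_t start = (c.ptr - c.base) + off;      /* byte offset into object */
    if (start < 0 || (size_t)start > c.size || c.size - (size_t)start < len)
        return ERR_SPATIAL;                         /* outside [base, base+size) */
    return ACCESS_OK;
}

/* Original (unchecked) code, with the classic off-by-one:
 *   void fill(char *buf, int n) { for (int i = 0; i <= n; i++) buf[i] = 'A'; }
 * Transformed version: every store is guarded. Returns the index at which the
 * first violation was caught, or -1 if the loop completed cleanly. */
static int fill_checked(cptr buf, int n) {
    for (int i = 0; i <= n; i++) {
        if (check_access(buf, i, 1) != ACCESS_OK) return i;
        buf.ptr[i] = 'A';
    }
    return -1;
}

/* Spatial error: 8-byte buffer, loop runs to index 8 -> caught at 8. */
static int overflow_demo(void) {
    cptr buf = checked_malloc(8);
    int r = fill_checked(buf, 8);
    checked_free(buf);
    return r;
}

/* Same loop with the correct bound: no violation, returns -1. */
static int inbounds_demo(void) {
    cptr buf = checked_malloc(8);
    int r = fill_checked(buf, 7);
    checked_free(buf);
    return r;
}

/* Temporal error: a freed block is often handed out again by the next
 * same-sized malloc, so a check keyed on the address alone could pass;
 * the generation mismatch still reports the dangling access. */
static int dangling_demo(void) {
    cptr a = checked_malloc(32);
    checked_free(a);
    cptr b = checked_malloc(32);
    int r = check_access(a, 0, 1);
    checked_free(b);
    return r;
}

/* Double free through the same checked pointer is reported, not executed. */
static int double_free_demo(void) {
    cptr a = checked_malloc(16);
    checked_free(a);
    return checked_free(a);
}

int main(void) {
    printf("off-by-one caught at index %d\n", overflow_demo());
    printf("in-bounds loop: %d (-1 = no violation)\n", inbounds_demo());
    printf("dangling access code %d, double free code %d\n",
           dangling_demo(), double_free_demo());
    return 0;
}
```

The point of the toy is where the cost goes: every dereference pays for a liveness lookup and a bounds comparison, and every pointer grows by the metadata. Making the lookup cheap and eliding checks that a local analysis proves redundant is exactly the "efficient data-structures" and "localized optimizations" part of the abstract; the toy does neither, and it also ignores pointers that are cast to integers or passed into uninstrumented libraries, which is where the backwards-compatibility question arises.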
References
- Anonymous. SPEC CINT Benchmark. Standard Performance Evaluation Corporation. http://www.specbench.org/.
- T. M. Austin, S. E. Breach, and G. S. Sohi. Efficient detection of all pointer and array access errors. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 290--301, June 1994.
- K. Avijit, P. Gupta, and D. Gupta. TIED, LibsafePlus: Tools for runtime buffer overflow protection. In USENIX Security Symposium, pages 45--55, 2004.
- A. Baratloo, N. Singh, and T. Tsai. Transparent run-time defense against stack smashing attacks. In USENIX Annual Technical Conference, pages 251--262, Berkeley, CA, June 2000.
- S. Bhatkar, D. C. DuVarney, and R. Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In USENIX Security Symposium, Washington, DC, August 2003.
- H. Boehm and M. Weiser. Garbage collection in an uncooperative environment. Software - Practice and Experience, pages 807--820, 1988.
- M. C. Carlisle and A. Rogers. Software caching and computation migration in Olden. In ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP), pages 29--38, Santa Barbara, CA, USA, 1995. ACM Press.
- T. Chiueh and F. Hsu. RAD: A compile-time solution to buffer overflow attacks. In International Conference on Distributed Computing Systems (ICDCS), April 2001.
- J. Condit, M. Harren, S. McPeak, G. C. Necula, and W. Weimer. CCured in the real world. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 232--244, June 2003.
- C. Cowan, M. Barringer, S. Beattie, and G. Kroah-Hartman. FormatGuard: Automatic protection from printf format string vulnerabilities. In USENIX Security Symposium, 2001.
- C. Cowan, S. Beattie, J. Johansen, and P. Wagle. PointGuard: Protecting pointers from buffer overflow vulnerabilities. In USENIX Security Symposium, Washington, D.C., August 2003.
- C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. Automatic detection and prevention of buffer-overflow attacks. In USENIX Security Symposium, January 1998.
- N. Dor, M. Rodeh, and M. Sagiv. CSSV: Towards a realistic tool for statically detecting all buffer overflows in C. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), San Diego, CA, June 2003.
- H. Etoh and K. Yoda. Protecting from stack-smashing attacks. Published on the World-Wide Web, June 2000.
- J. S. Foster, M. Fähndrich, and A. Aiken. A theory of type qualifiers. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Atlanta, GA, May 1999.
- V. Ganapathy, S. Jha, D. Chandler, D. Melski, and D. Vitek. Buffer overrun detection using linear programming and static analysis. In ACM Conference on Computer and Communications Security (CCS), pages 345--354, 2003.
- R. Hastings and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Proceedings of the Winter USENIX Conference, pages 125--136, 1992.
- E. Haugh and M. Bishop. Testing C programs for buffer overflow vulnerabilities. In Network and Distributed System Security Symposium (NDSS), February 2003.
- T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In USENIX Annual Technical Conference, June 2002.
- R. W. M. Jones and P. H. J. Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. In International Workshop on Automated and Algorithmic Debugging, pages 13--26, 1997.
- S. Kaufer, R. Lopez, and S. Pratap. Saber-C: An interpreter-based programming environment for the C language. In Proceedings of the Summer USENIX Conference, pages 161--171, 1988.
- S. C. Kendall. Bcc: Run-time checking for C programs. In Proceedings of the USENIX Summer Conference, El Cerrito, California, USA, 1983. USENIX Association.
- D. Larochelle and D. Evans. Statically detecting likely buffer overflow vulnerabilities. In USENIX Security Symposium, pages 177--190, 2001.
- A. Loginov, S. H. Yong, S. Horwitz, and T. Reps. Debugging via run-time type checking. In Fundamental Approaches to Software Engineering (FASE), 2001.
- S. McPeak, G. C. Necula, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for C program analysis and transformation. In Conference on Compiler Construction (CC), pages 213--228, 2002.
- G. C. Necula, S. McPeak, and W. Weimer. CCured: Type-safe retrofitting of legacy code. In ACM Symposium on Principles of Programming Languages (POPL), pages 128--139, January 2002.
- Y. Oiwa, T. Sekiguchi, E. Sumii, and A. Yonezawa. Fail-safe ANSI-C compiler: An approach to making C programs secure (progress report). In International Symposium on Software Security, LNCS 2609, pages 133--153. Springer-Verlag, 2002.
- H. Patil and C. N. Fischer. Low-cost, concurrent checking of pointer and array accesses in C programs. Software - Practice and Experience, 27(1):87--110, 1997.
- H. G. Patil and C. N. Fischer. Efficient run-time monitoring using shadow processing. In International Workshop on Automated and Algorithmic Debugging, 1995.
- R. Rugina and M. Rinard. Symbolic bounds analysis of pointers, array indices, and accessed memory regions. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 182--195. ACM Press, 2000.
- O. Ruwase and M. S. Lam. A practical dynamic buffer overflow detector. In Network and Distributed System Security Symposium (NDSS), pages 159--169, February 2004.
- M. Siff, S. Chandra, T. Ball, K. Kunchithapadam, and T. Reps. Coping with type casts in C. In ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE), pages 180--198. Springer-Verlag, 1999.
- J. L. Steffen. Adding run-time checking to the portable C compiler. Software - Practice and Experience, 22(4):305--316, April 1992.
- K.-S. Lhee and S. J. Chapin. Type-assisted dynamic buffer overflow detection. In USENIX Security Symposium, pages 81--88, 2002.
- D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Network and Distributed System Security Symposium (NDSS), 2000.
- Y. Xie, A. Chou, and D. Engler. ARCHER: Using symbolic, path-sensitive analysis to detect memory access errors. In European Software Engineering Conference / ACM SIGSOFT International Symposium on the Foundations of Software Engineering (ESEC/FSE), pages 327--336. ACM Press, 2003.
- S. H. Yong and S. Horwitz. Protecting C programs from attacks via invalid pointer dereferences. In ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE), 2003.
Published in
An efficient and backwards-compatible transformation to ensure memory safety of C programs. SIGSOFT '04/FSE-12: Proceedings of the 12th ACM SIGSOFT International Symposium on Foundations of Software Engineering.