ARCHERR: Runtime Environment Driven Program Safety

Authors: Ramkumar Chinchani, Anusha Iyer, Bharat Jayaraman, Shambhu Upadhyaya

DOI: 10.1007/978-3-540-30108-0_24

Keywords: Pointer (computer programming), Runtime verification, Heap overflow, Data type, Embedded system, Computer science, Integer overflow

Abstract: Parameters of a program’s runtime environment such as the machine architecture and operating system largely determine whether a vulnerability can be exploited. For example, the word size is an important factor in an integer overflow attack and likewise the memory layout of a process in a buffer or heap overflow attack. In this paper, we present an analysis of the effects of a runtime environment on a language’s data types. Based on this analysis, we have developed Archerr, an automated one-pass source-to-source transformer that derives appropriate architecture dependent runtime safety error checks and inserts them in C source programs. Our approach achieves comprehensive vulnerability coverage against a wide array of program-level exploits including integer overflows/underflows. We demonstrate the efficacy of our technique on versions of C programs with known vulnerabilities such as Sendmail. We have benchmarked Archerr, and the results show that it is in general less expensive than other well-known runtime techniques, and at the same time requires no extensions to the C programming language. Additional benefits include the ability to gracefully handle arbitrary pointer usage, aliasing, and typecasting.
