摘要: We check statically whether it is safe for untrusted foreign machine code to be loaded into a trusted host system. Our technique works on ordinary code, and mechanically synthesizes (and verifies) safety proof. earlier work along these lines was based C-like type system, which does not suffice whose origin C++ source code. In the present paper, we address this limitation with an improved typestate system introduce several new techniques, including: summarizing effects of function calls so that our analysis can stop at boundaries, inferring information about sizes types stack-allocated arrays, symbolic range propagating array bounds. These techniques make approach checking more precise, efficient, able handle larger collection real-life sequences than previously case.
springer.com
sci-hub.st 参考文章(36)
George Ciprian Necula, Peter Lee, Compiling with proofs Carnegie Mellon University. ,(1998)
Greg Morrisett, Karl Crary, Steve Zdancewic, Stephanie Weirich, Richard Samuels, David Walker, Dan Grossman, Frederick Smith, Neal Glew, TALx86: A Realistic Typed Assembly Language∗ ,(1999)
Christopher Small, Margo Seltzer, A comparison of OS extension technologies usenix annual technical conference. pp. 4- 4 ,(1996)
Nathan P. Smith, Stack Smashing Vulnerabilities in the UNIX Operating System ,(1997)
Clark Verbrugge, Phong Co, Laurie Hendren, Generalized Constant Propagation a study in C Lecture Notes in Computer Science. pp. 74- 90 ,(1996) , 10.1007/3-540-61053-7_54
Luca Cardelli, Martin Abadi, A Theory of Objects ,(1996)
Alan Mycroft, Type-Based Decompilation (or Program Reconstruction via Type Reconstruction) european symposium on programming. pp. 208- 223 ,(1999) , 10.1007/3-540-49099-X_14
Eric A. Brewer, Alexander Aiken, David A. Wagner, Jeffrey S. Foster, A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities. network and distributed system security symposium. ,(2000)
Ramkrishna Chatterjee, Barbara G. Ryder, William A. Landi, Relevant context inference Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '99. pp. 133- 146 ,(1999) , 10.1145/292540.292554
David Chase, Mark Wegman, F. Ken Zadeck, Analysis of pointers and structures ACM SIGPLAN Notices. ,vol. 39, pp. 343- 359 ,(2004) , 10.1145/989393.989429