Soumyadeep Ghosh will present his research seminar/general exam on
Monday April 23 at 2PM in Room 402.  The members of his committee
are:  David August (advisor), Andrew Appel, and Margaret Martonosi.
Everyone is invited to attend his talk and those faculty wishing to remain
for the oral exam following are welcome to do so.  His abstract and
reading list follow below.
--

Title: Region-based Type Enforcement for C

Abstract:

Attacks that violate memory safety to corrupt program state or gain
control over the execution of vulnerable programs form a large class of
security threats. In a type-unsafe language such as C, different
vulnerabilities due to lack of type enforcement (e.g., buffer
overflows, format string attacks) can lead to program crashes,
leakage of privileged information, and malicious code injection. These
vulnerabilities stem from the exploitation of behavior that the C
standard leaves undefined. Existing bounds checking techniques cannot prevent
attacks in which no bounds violation occurs. Other techniques provide
type enforcement, but they are either limited by incomplete code
coverage or require non-trivial changes to the source code. In this
work, we present a dynamic type enforcement system for C that prevents
memory safety errors by detecting program behavior undefined by the C
standard. We evaluate the performance and applicability of our type
enforcement system on a number of real-world applications with reported
vulnerabilities.
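The abstract's central point is that an in-bounds write can still be a memory-safety violation when it goes through a pointer of the wrong type, which is why a bounds checker alone is not enough. The following is an added illustration written for this page, not code from the thesis or its evaluation: a toy shadow-memory scheme in which every heap object ("region") records one type tag per word at allocation time, and every store is checked against the tag of the word it targets. All names (`typed_alloc`, `checked_store_word`, `bounds_check_word`, the `TAG_*` values, `struct handler`) are hypothetical, and the 0x41... and 0x1000 values are constructed placeholders.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of region-tagged type enforcement, written as an illustration
   for this page; it is NOT the thesis's system. Each heap object ("region")
   carries one type tag per 8-byte word, fixed at allocation time, and each
   store compares the tag of its target word with the type it claims to
   write. All identifiers below are hypothetical. */

enum type_tag { TAG_FREE = 0, TAG_INT = 1, TAG_FUNCPTR = 2 };

#define WORD 8
#define MAX_REGIONS 16

struct region {
    unsigned char *base;   /* start of the payload */
    size_t nwords;         /* payload length in words */
    unsigned char *tags;   /* tags[i] = declared type of word i */
};

static struct region regions[MAX_REGIONS];
static int nregions;

/* Allocate nwords zeroed words and record the declared type of each word. */
void *typed_alloc(const unsigned char *layout, size_t nwords) {
    if (nregions >= MAX_REGIONS) return NULL;
    struct region *r = &regions[nregions++];
    r->base = calloc(nwords, WORD);
    r->tags = malloc(nwords);
    if (!r->base || !r->tags) { nregions--; return NULL; }
    r->nwords = nwords;
    memcpy(r->tags, layout, nwords);
    return r->base;
}

/* Find the live region containing p, or NULL if no tracked object covers it. */
static struct region *find_region(const void *p) {
    const unsigned char *q = p;
    for (int i = 0; i < nregions; i++) {
        if (q >= regions[i].base && q < regions[i].base + regions[i].nwords * WORD)
            return &regions[i];
    }
    return NULL;
}

/* What a pure bounds checker sees: 0 if the word at p lies inside a live
   object, -1 otherwise. It says nothing about the word's declared type. */
int bounds_check_word(const void *p) {
    struct region *r = find_region(p);
    if (!r) return -1;
    size_t off = (const unsigned char *)p - r->base;
    return (off % WORD == 0 && off / WORD < r->nwords) ? 0 : -1;
}

/* Type-enforced store: writes v to the word at p only if it is in bounds AND
   was declared with tag `claimed`. Returns 0 on success, -1 for a bounds
   violation, -2 for a type mismatch (the store is refused). */
int checked_store_word(void *p, uint64_t v, unsigned char claimed) {
    if (bounds_check_word(p) != 0) return -1;
    struct region *r = find_region(p);
    size_t idx = ((unsigned char *)p - r->base) / WORD;
    if (r->tags[idx] != claimed) return -2;
    memcpy(p, &v, WORD);
    return 0;
}

/* An object with an integer field followed by a code pointer, the shape of
   many handler/callback records in C programs. The pointer is kept as an
   integer here so nothing is ever called through it. */
struct handler {
    uint64_t count;      /* word 0: TAG_INT */
    uint64_t callback;   /* word 1: TAG_FUNCPTR */
};

/* The abstract's scenario: code writes integers through a pointer it believes
   addresses an int array, but the object is really a struct handler. The
   second write lands in bounds on the code-pointer word, so a bounds checker
   accepts it (verdict stored in *bounds_verdict); the type check refuses it.
   Returns the verdict of the type-enforced store on that second write. */
int demo_in_bounds_type_confusion(int *bounds_verdict) {
    static const unsigned char layout[2] = { TAG_INT, TAG_FUNCPTR };
    struct handler *h = typed_alloc(layout, 2);
    if (!h) return -99;
    /* A legitimate update of the callback through its declared type passes. */
    if (checked_store_word(&h->callback, 0x1000, TAG_FUNCPTR) != 0) return -98;
    uint64_t *as_ints = (uint64_t *)h;             /* the mistaken view */
    if (checked_store_word(&as_ints[0], 7, TAG_INT) != 0) return -97; /* word 0 is an int: ok */
    *bounds_verdict = bounds_check_word(&as_ints[1]);  /* 0: in bounds */
    return checked_store_word(&as_ints[1], 0x4141414141414141ULL, TAG_INT); /* -2 */
}

/* A pointer no tracked object covers (stale or wild) is still rejected. */
int demo_untracked_pointer(void) {
    static uint64_t not_a_region;
    return checked_store_word(&not_a_region, 1, TAG_INT);   /* -1 */
}

int main(void) {
    int bv = 5;
    printf("type-confused in-bounds write: bounds=%d typed=%d\n",
           (demo_in_bounds_type_confusion(&bv), bv), demo_in_bounds_type_confusion(&bv));
    printf("untracked pointer write: %d\n", demo_untracked_pointer());
    return 0;
}
```

The verdict pair (bounds 0, typed -2) is the whole argument of the abstract in one line: the write is inside the object, so bounds checking is satisfied, yet it changes the type of the data stored there, which is the kind of undefined behavior a type-enforcement system is built to detect.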

Reading List:

Textbooks:
[1] A. W. Appel. Modern Compiler Implementation in C. Cambridge
University Press, 1998.

[2] J. L. Hennessy and D. A. Patterson. Computer Architecture: A
Quantitative Approach, Fourth Edition. Morgan Kaufmann, 2006.

Papers:

[1]  P. Akritidis, C. Cadar, C. Raiciu, M. Costa, and M. Castro.
Preventing memory error exploits with WIT. In Proceedings of the 2008
IEEE Symposium on Security and Privacy, 2008.

[2]  D. Avots, M. Dalton, V. B. Livshits, and M. S. Lam. Improving
software security with a C pointer analysis. In Proceedings of the 27th
International Conference on Software Engineering, 2005.

[3]  S. Chen, J. Xu, N. Nakka, Z. Kalbarczyk, and R. K. Iyer. Defeating
memory corruption attacks via pointer taintedness detection. In
Proceedings of the 2005 International Conference on Dependable Systems
and Networks, 2005. 

[4]  S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer.
Non-control-data attacks are realistic threats. In Proceedings of the
14th USENIX Security Symposium, 2005.

[5]  D. Dhurjati, S. Kowshik, V. Adve, and C. Lattner. Memory safety
without runtime checks or garbage collection. In Proceedings of the 2003
ACM SIGPLAN Conference on Language, Compiler, and Tool for Embedded
Systems, 2003.

[6]  M. Hind. Pointer analysis: Haven’t we solved this problem yet? In
2001 ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools
and Engineering (PASTE’01), 2001.

[7]  T. Jim, J. G. Morrisett, D. Grossman, M. W. Hicks, J. Cheney, and
Y. Wang. Cyclone: A safe dialect of C. In Proceedings of the USENIX
Annual Technical Conference, General Track, 2002.

[8]  S. Nagarakatte, J. Zhao, M. M. Martin, and S. Zdancewic. SoftBound:
Highly compatible and complete spatial memory safety for C. In
Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language
Design and Implementation, 2009.

[9]  G. C. Necula, S. McPeak, and W. Weimer. CCured: Type-safe
retrofitting of legacy code. In Proceedings of the 29th ACM
SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2002.

[10]  C. Schlesinger, K. Pattabiraman, N. Swamy, D. Walker, and B. Zorn.
Yarra: An extension to C for data integrity and partial safety. In
Proceedings of the Computer Security Foundations Forum (CSF), 2011.