[talks] Soumyadeep Ghosh general exam

Melissa M. Lawson mml at CS.Princeton.EDU
Mon Apr 16 16:38:48 EDT 2012


Soumyadeep Ghosh will present his research seminar/general exam on 
Monday April 23 at 2PM in Room 402. The members of his committee 
are: David August (advisor), Andrew Appel, and Margaret Martonosi. 
Everyone is invited to attend his talk and those faculty wishing to remain 
for the oral exam following are welcome to do so. His abstract and 
reading list follow below. 




-- 


Title: Region-based Type Enforcement for C 


Abstract: 


Attacks that violate memory safety to corrupt program state or gain 
control over the execution of vulnerable programs form a large class of 
security threats. In a type-unsafe language such as C, different 
vulnerabilities due to lack of type enforcement (e.g., buffer 
overflows, format string attacks, etc.) can lead to program crashes, 
leakage of privileged information, and malicious code injection. These 
vulnerabilities stem from exploitation of facts that are undefined in 
the C standard. Existing bounds checking techniques cannot prevent 
attacks where bounds violations do not occur. Other techniques provide 
type enforcement, but they are either limited by incomplete code 
coverage or require non-trivial changes to the source code. In this 
work, we present a dynamic type enforcement system for C that prevents 
memory safety errors by detecting program behavior undefined by the C 
standard. We evaluate the performance and applicability of our type 
enforcement system on a number of real-world applications with reported 
vulnerabilities. 


Reading List: 


Textbooks: 
[1] A. W. Appel. Modern Compiler Implementation in C. Cambridge 
University Press, 1998. 


[2] J. L. Hennessy and D. A. Patterson. Computer Architecture: A 
Quantitative Approach, Fourth Edition. Morgan Kaufmann, 2006. 


Papers: 


[1] P. Akritidis, C. Cadar, C. Raiciu, M. Costa, and M. Castro. 
Preventing memory error exploits with WIT. In Proceedings of the 2008 
IEEE Symposium on Security and Privacy, 2008. 


[2] D. Avots, M. Dalton, V. B. Livshits, and M. S. Lam. Improving 
software security with a C pointer analysis. In Proceedings of the 27th 
International Conference on Software Engineering, 2005. 


[3] S. Chen, J. Xu, N. Nakka, Z. Kalbarczyk, and R. K. Iyer. Defeating 
memory corruption attacks via pointer taintedness detection. In 
Proceedings of the 2005 International Conference on Dependable Systems 
and Networks, 2005. 


[4] S. Chen, J. Xu, E. C. Sezer, P. Gauriar, and R. K. Iyer. 
Non-control-data attacks are realistic threats. In Proceedings of the 
14th conference on USENIX Security Symposium, 2005. 


[5] D. Dhurjati, S. Kowshik, V. Adve, and C. Lattner. Memory safety 
without runtime checks or garbage collection. In Proceedings of the 2003 
ACM SIGPLAN Conference on Language, Compiler, and Tool for Embedded 
Systems, 2003. 


[6] M. Hind. Pointer analysis: Haven’t we solved this problem yet? In 
2001 ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools 
and Engineering (PASTE’01), 2001. 


[7] T. Jim, J. G. Morrisett, D. Grossman, M. W. Hicks, J. Cheney, and 
Y. Wang. Cyclone: A safe dialect of C. In Proceedings of the General 
Track of the annual conference on USENIX Annual Technical Conference, 
2002. 


[8] S. Nagarakatte, J. Zhao, M. M. Martin, and S. Zdancewic. Softbound: 
highly compatible and complete spatial memory safety for C. In 
Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language 
Design and Implementation, 2009. 


[9] G. C. Necula, S. McPeak, and W. Weimer. CCured: type-safe 
retrofitting of legacy code. In Proceedings of the 29th ACM 
SIGPLAN-SIGACT symposium on Principles of programming languages, 2002. 


[10] C. Schlesinger, K. Pattabiraman, N. Swamy, D. Walker, and B. Zorn. 
Yarra: An extension to C for data integrity and partial safety. In 
Proceedings of the Computer Security Foundations Forum (CSF), 2011. 







