Cyclone: A Safe Dialect of C

Cyclone is a safe dialect of C. It has been designed from the ground up to prevent the buffer overflows, format string attacks, and memory management errors that are common in C programs, while retaining C’s syntax and semantics. This paper examines safety violations enabled by C’s design, and shows how Cyclone avoids them, without giving up C’s hallmark control over low-level details such as data representation and memory management.
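The abstract says Cyclone stops buffer overflows without giving up control over data representation. The C program below is an added example (not code from the paper or the Cyclone project) that emulates the bounds-carrying "fat" pointer Cyclone uses for its `?` pointer kind, a design detail the abstract itself does not spell out: the pointer travels with its base and end, every store is checked against them, and an oversized copy is refused instead of running past the buffer. The names `fat_ptr`, `fat_store`, `safe_copy` and `copy_fits` are this example's own.

```c
#include <stddef.h>
#include <stdio.h>

/* Emulation of a bounds-carrying ("fat") pointer, modelled on Cyclone's
 * `?` pointers. The bounds are part of the value, so a callee cannot lose
 * them the way a plain char* loses the size of its buffer. */
typedef struct {
    char *base;   /* start of the underlying buffer */
    char *cur;    /* current position, kept within [base, end] */
    char *end;    /* one past the last valid byte */
} fat_ptr;

static fat_ptr fat_from_array(char *buf, size_t len) {
    fat_ptr p = { buf, buf, buf + len };
    return p;
}

/* Checked store: returns 1 on success, 0 if the write would land outside
 * [base, end). In Cyclone the compiler inserts this check and a failure
 * raises an exception; here the failure is reported to the caller. */
static int fat_store(fat_ptr *p, char c) {
    if (p->cur < p->base || p->cur >= p->end)
        return 0;
    *p->cur++ = c;
    return 1;
}

/* Copy src into dst as a NUL-terminated string. Unlike strcpy, the copy
 * stops and reports failure rather than writing past the destination. */
static int safe_copy(fat_ptr dst, const char *src) {
    for (; *src; src++)
        if (!fat_store(&dst, *src))
            return 0;
    return fat_store(&dst, '\0');   /* the terminator needs room too */
}

/* Wrapper used by main and the tests: copy src into a fresh buffer that is
 * logically `len` bytes long (capped at 64 here) and report whether it fit. */
static int copy_fits(size_t len, const char *src) {
    char buf[64];
    if (len > sizeof buf)
        return 0;
    return safe_copy(fat_from_array(buf, len), src);
}

int main(void) {
    printf("\"hello\" into 8 bytes:    %d\n", copy_fits(8, "hello"));            /* 1 */
    printf("\"12345678\" into 8 bytes: %d\n", copy_fits(8, "12345678"));         /* 0: no room for NUL */
    printf("long string into 8 bytes: %d\n", copy_fits(8, "this is too long")); /* 0 */
    return 0;
}
```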
