An efficient and backwards-compatible transformation to ensure memory safety of C programs

Memory-related errors, such as buffer overflows and dangling pointers, remain one of the principal reasons for failures of C programs. As a result, a number of recent research efforts have focused on the problem of dynamic detection of memory errors in C programs. However, existing approaches suffer from one or more of the following problems: inability to detect all memory errors (e.g., Purify), requiring non-trivial modifications to existing C programs (e.g., Cyclone), changing the memory management model of C to use garbage collection (e.g., CCured), and excessive performance overheads. In this paper, we present a new approach that addresses these problems. Our approach operates via source code transformation and combines efficient data-structures with simple, localized optimizations to obtain good performance.

[1]  John Johansen,et al.  PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities , 2003, USENIX Security Symposium.

[2]  Olatunji Ruwase,et al.  A Practical Dynamic Buffer Overflow Detector , 2004, NDSS.

[3]  Susan Horwitz,et al.  Protecting C programs from attacks via invalid pointer dereferences , 2003, ESEC/FSE-11.

[4]  Somesh Jha,et al.  Buffer overrun detection using linear programming and static analysis , 2003, CCS '03.

[5]  George C. Necula,et al.  CCured in the real world , 2003, PLDI '03.

[6]  Navjot Singh,et al.  Transparent Run-Time Defense Against Stack-Smashing Attacks , 2000, USENIX Annual Technical Conference, General Track.

[7]  Deepak Gupta,et al.  TIED, LibsafePlus: Tools for Runtime Buffer Overflow Protection , 2004, USENIX Security Symposium.

[8]  David A. Wagner,et al.  A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities , 2000, NDSS.

[9]  David Evans,et al.  Statically Detecting Likely Buffer Overflow Vulnerabilities , 2001, USENIX Security Symposium.

[10]  Paul H. J. Kelly,et al.  Backwards-Compatible Bounds Checking for Arrays and Pointers in C Programs , 1997, AADEBUG.

[11]  Alexander Aiken,et al.  A theory of type qualifiers , 1999, PLDI '99.

[12]  Robert O. Hastings,et al.  Fast detection of memory leaks and access errors , 1991 .

[13]  Todd M. Austin,et al.  Efficient detection of all pointer and array access errors , 1994, PLDI '94.

[14]  Susan Horwitz,et al.  Debugging via Run-Time Type Checking , 2001, FASE.

[15]  Steve J. Chapin,et al.  Type-Assisted Dynamic Buffer Overflow Detection , 2002, USENIX Security Symposium.

[16]  Tzi-cker Chiueh,et al.  RAD: a compile-time solution to buffer overflow attacks , 2001, Proceedings 21st International Conference on Distributed Computing Systems.

[17]  Michael Rodeh,et al.  CSSV: towards a realistic tool for statically detecting all buffer overflows in C , 2003, PLDI '03.

[18]  Joseph L. Steffen Adding run‐time checking to the portable C compiler , 1992, Softw. Pract. Exp..

[19]  Harish Patil,et al.  Efficient Run-time Monitoring Using Shadow Processing , 1995, AADEBUG.

[20]  George C. Necula,et al.  CCured: type-safe retrofitting of legacy code , 2002, POPL '02.

[21]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[22]  James Cheney,et al.  Cyclone: A Safe Dialect of C , 2002, USENIX Annual Technical Conference, General Track.

[23]  Matt Bishop,et al.  Testing C Programs for Buffer Overflow Vulnerabilities , 2003, NDSS.

[24]  Martin C. Rinard,et al.  Symbolic bounds analysis of pointers, array indices, and accessed memory regions , 2005, TOPL.

[25]  Akinori Yonezawa,et al.  Fail-Safe ANSI-C Compiler: An Approach to Making C Programs Secure: Progress Report , 2002, ISSS.

[26]  Daniel C. DuVarney,et al.  Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits , 2003, USENIX Security Symposium.

[27]  Satish Chandra,et al.  Coping with type casts in C , 1999, ESEC/FSE-7.

[28]  Crispin Cowan,et al.  FormatGuard: Automatic Protection From printf Format String Vulnerabilities , 2001, USENIX Security Symposium.

[29]  Harish Patil,et al.  Low-Cost, Concurrent Checking of Pointer and Array Accesses in C Programs , 1997, Softw. Pract. Exp..

[30]  Harish Patil,et al.  Low‐cost, Concurrent Checking of Pointer and Array Accesses in C Programs , 1997 .

[31]  Hans-Juergen Boehm,et al.  Garbage collection in an uncooperative environment , 1988, Softw. Pract. Exp..

[32]  Dawson R. Engler,et al.  ARCHER: using symbolic, path-sensitive analysis to detect memory access errors , 2003, ESEC/FSE-11.

[33]  Anne Rogers,et al.  Software caching and computation migration in Olden , 1995, PPOPP '95.

[34]  George C. Necula,et al.  CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs , 2002, CC.