ARCHERR: Runtime Environment Driven Program Safety

Authors

  • Ramkumar Chinchani
  • Anusha Iyer
  • Bharat Jayaraman
  • Shambhu J. Upadhyaya
Abstract

Parameters of a program’s runtime environment such as the machine architecture and operating system largely determine whether a vulnerability can be exploited. For example, the machine word size is an important factor in an integer overflow attack and likewise the memory layout of a process in a buffer or heap overflow attack. In this paper, we present an analysis of the effects of a runtime environment on a language’s data types. Based on this analysis, we have developed Archerr, an automated one-pass source-to-source transformer that derives appropriate architecture dependent runtime safety error checks and inserts them in C source programs. Our approach achieves comprehensive vulnerability coverage against a wide array of program-level exploits including integer overflows/underflows. We demonstrate the efficacy of our technique on versions of C programs with known vulnerabilities such as Sendmail. We have benchmarked our technique and the results show that it is in general less expensive than other well-known runtime techniques, and at the same time requires no extensions to the C programming language. Additional benefits include the ability to gracefully handle arbitrary pointer usage, aliasing, and typecasting.

Similar resources

PGAS in the Message-Driven Execution Model

Asynchrony is increasingly important for high performance on modern parallel machines. A common approach to providing asynchrony in PGAS languages is to add additional language constructs to support asynchronous execution. In this paper we describe Multiphase Shared Arrays (MSA), a restricted PGAS programming model that takes the opposite approach, layering PGAS semantics over a fundamentally a...

Multiple dispatch in reflective runtime environment

Message dispatch in object-oriented programming (OOP) involves target method lookup in dispatch table/tree. Reflective environment builds dispatch data-structure at runtime as types can be added at runtime. Hence, algorithms for reflective environments require dynamic data structure for dispatch. In this paper, we propose a tree-based algorithm for multiple dispatch in reflective runtime enviro...

Monitoring and Analyzing Service-Based Internet Systems through a Model-Aware Service Environment

As service-based Internet systems get increasingly complex they become harder to manage at design time as well as at runtime. Nowadays, many systems are described in terms of precisely specified models, e.g., in the context of model-driven development. By making the information in these models accessible at runtime, we provide better means for analyzing and monitoring the service-based systems....

Adapting Component-based User Interfaces at Runtime using Observers

Model-driven engineering (MDE) already plays a key role in Human-Computer Interaction for the automatic generation of end-user interfaces from their abstract and platform-independent specifications. Moreover, MDE techniques and tools are proving to be very useful for adapting at runtime the final user interfaces according to the current context properties: platform, user roles, component states...

Monitoring and Enforcement of Safety Hyperproperties

Certain important security policies such as information flow characterize system-wide behaviors and are not properties of individual executions. It is known that such security policies cannot be expressed in trace-based specification languages such as linear-time temporal logic (Ltl). However, formalisms such as hyperproperties and the associated logic HyperLTL allow us to specify such policies...

Publication date: 2004