ARCHERR: Runtime Environment Driven Program Safety
Authors
Abstract
Parameters of a program's runtime environment, such as the machine architecture and the operating system, largely determine whether a vulnerability can be exploited. For example, the machine word size is an important factor in an integer overflow attack, and likewise the memory layout of a process in a buffer or heap overflow attack. In this paper, we present an analysis of the effects of a runtime environment on a language's data types. Based on this analysis, we have developed Archerr, an automated one-pass source-to-source transformer that derives appropriate architecture-dependent runtime safety checks and inserts them into C source programs. Our approach achieves comprehensive vulnerability coverage against a wide array of program-level exploits, including integer overflows and underflows. We demonstrate the efficacy of our technique on versions of C programs, such as Sendmail, with known vulnerabilities. We have benchmarked our technique, and the results show that it is in general less expensive than other well-known runtime techniques while requiring no extensions to the C programming language. Additional benefits include the ability to gracefully handle arbitrary pointer usage, aliasing, and typecasting.
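The abstract's central point is that the same source line is safe or exploitable depending on the target's word size, so a guard has to be phrased in terms of the target's limits (SIZE_MAX, INT_MAX) rather than in terms of the type name. The following is an added illustration written for this page; it is not Archerr's instrumentation or code from the paper. It pairs an unchecked allocation-size computation with the guard a source-to-source transformer would have to insert, using a fixed 32-bit width (uint32_t) so the wrap reproduces on any host, then the same guard against the host's real size_t. The function names, the constructed count 0x40000001 and the demo() helper are assumptions for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical "before" code: the byte count is computed in a 32-bit size_t
 * with no guard. Fixed at uint32_t here so the wrap is reproducible on a
 * 64-bit host: 0x40000001 * 4 = 0x100000004, which truncates to 4. A malloc
 * of 4 bytes followed by a loop over 0x40000001 elements is a heap overflow. */
uint32_t unchecked_bytes32(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* "After": the guard is derived from the width limit of the target
 * (UINT32_MAX here, SIZE_MAX on the real target). Division is used instead
 * of checking the product, because the product itself is what wraps. */
bool checked_bytes32(uint32_t count, uint32_t elem_size, uint32_t *out) {
    if (elem_size != 0 && count > UINT32_MAX / elem_size) return false;
    *out = count * elem_size;
    return true;
}

/* The same guard against the host's actual size_t. This is the form a
 * transformer targeting the build machine would emit; it fires on an ILP32
 * target for the input below and does not fire on an LP64 target. */
bool checked_bytes(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) return false;
    *out = count * elem_size;
    return true;
}

/* Signed overflow is undefined behaviour in C, so the check must run before
 * the addition and is expressed with the target's INT_MAX / INT_MIN. */
bool checked_add_int(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b)) return false;
    *out = a + b;
    return true;
}

/* Allocation wrapper: NULL on overflow instead of a wrapped, undersized buffer. */
void *alloc_array(size_t count, size_t elem_size) {
    size_t bytes;
    if (!checked_bytes(count, elem_size, &bytes)) return NULL;
    return malloc(bytes);
}

/* Constructed input: the same element count is harmless with a 64-bit size_t
 * and wraps with a 32-bit one. Returns how many guards fired, which is 2 on
 * an LP64 host and 3 on an ILP32 host. */
int demo(void) {
    int fired = 0;
    uint32_t out32;
    size_t out;
    int sum;
    if (!checked_bytes32(0x40000001u, 4u, &out32)) fired++;     /* always fires */
    if (!checked_bytes((size_t)0x40000001u, 4u, &out)) fired++;  /* fires only if sizeof(size_t) == 4 */
    if (!checked_add_int(INT_MAX, 1, &sum)) fired++;            /* always fires */
    return fired;
}

int main(void) {
    printf("wrapped 32-bit size: %u\n", unchecked_bytes32(0x40000001u, 4u));
    printf("guards fired on this host: %d (sizeof(size_t) = %zu)\n",
           demo(), sizeof(size_t));
    return 0;
}
```

The point to take from the two checked_bytes variants is that the guard text is identical but its effect depends on the limit macro it references; that is why an inserted check has to be derived from the target environment rather than written once for all platforms.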
Publication date: 2004