93,079 research outputs found
Shining Light On Shadow Stacks
Control-Flow Hijacking attacks are the dominant attack vector against C/C++
programs. Control-Flow Integrity (CFI) solutions mitigate these attacks on the
forward edge,i.e., indirect calls through function pointers and virtual calls.
Protecting the backward edge is left to stack canaries, which are easily
bypassed through information leaks. Shadow Stacks are a fully precise mechanism
for protecting backwards edges, and should be deployed with CFI mitigations. We
present a comprehensive analysis of all possible shadow stack mechanisms along
three axes: performance, compatibility, and security. For performance
comparisons we use SPEC CPU2006, while security and compatibility are
qualitatively analyzed. Based on our study, we renew calls for a shadow stack
design that leverages a dedicated register, resulting in low performance
overhead, and minimal memory overhead, but sacrifices compatibility. We present
case studies of our implementation of such a design, Shadesmar, on Phoronix and
Apache to demonstrate the feasibility of dedicating a general purpose register
to a security monitor on modern architectures, and the deployability of
Shadesmar. Our comprehensive analysis, including detailed case studies for our
novel design, allows compiler designers and practitioners to select the correct
shadow stack design for different usage scenarios.Comment: To Appear in IEEE Security and Privacy 201
A General Framework for Automatic Termination Analysis of Logic Programs
This paper describes a general framework for automatic termination analysis
of logic programs, where we understand by ``termination'' the finitenes s of
the LD-tree constructed for the program and a given query. A general property
of mappings from a certain subset of the branches of an infinite LD-tree into a
finite set is proved. From this result several termination theorems are
derived, by using different finite sets. The first two are formulated for the
predicate dependency and atom dependency graphs. Then a general result for the
case of the query-mapping pairs relevant to a program is proved (cf.
\cite{Sagiv,Lindenstrauss:Sagiv}). The correctness of the {\em TermiLog} system
described in \cite{Lindenstrauss:Sagiv:Serebrenik} follows from it. In this
system it is not possible to prove termination for programs involving
arithmetic predicates, since the usual order for the integers is not
well-founded. A new method, which can be easily incorporated in {\em TermiLog}
or similar systems, is presented, which makes it possible to prove termination
for programs involving arithmetic predicates. It is based on combining a finite
abstraction of the integers with the technique of the query-mapping pairs, and
is essentially capable of dividing a termination proof into several cases, such
that a simple termination function suffices for each case. Finally several
possible extensions are outlined
Symmetries and the cosmological constant puzzle
We outline the evaluation of the cosmological constant in the framework of
the standard field-theoretical treatment of vacuum energy and discuss the
relation between the vacuum energy problem and the gauge-group spontaneous
symmetry breaking. We suggest possible extensions of the 't Hooft-Nobbenhuis
symmetry, in particular, its complexification till duality symmetry and discuss
the compatible implementation on gravity. We propose to use the discrete
time-reflection transform to formulate a framework in which one can eliminate
the huge contributions of vacuum energy into the effective cosmological
constant and suggest that the breaking of time--reflection symmetry could be
responsible for a small observable value of this constant.Comment: 11 pages, more relevant refs, refining cutoff definition of
cosmological constant + eq.for regularized pressure adde
Shadow symbolic execution for better testing of evolving software
In this idea paper, we propose a novel way for improving the testing of program changes via symbolic execution. At a high-level, our technique runs two different program versions in the same symbolic execution instance, with the old version effectively shadowing the new one. In this way, the technique can exploit precise dynamic value information to effectively drive execution toward the behaviour that has changed from one version to the next. We discuss the main challenges and opportunities of this approach in terms of pruning and prioritising path exploration, mapping elements across versions, and sharing common symbolic state between versions. Copyright © 2014 ACM
- …