Lockdown: Dynamic Control-Flow Integrity
Applications written in low-level languages without type or memory safety are
especially prone to memory corruption. Attackers gain code execution
capabilities through such applications despite all currently deployed defenses
by exploiting memory corruption vulnerabilities. Control-Flow Integrity (CFI)
is a promising defense mechanism that restricts open control-flow transfers to
a static set of well-known locations. We present Lockdown, an approach to
dynamic CFI that protects legacy, binary-only executables and libraries.
Lockdown adaptively learns the control-flow graph of a running process using
information from a trusted dynamic loader. The sandbox component of Lockdown
restricts interactions between different shared objects to imported and
exported functions by enforcing fine-grained CFI checks. Our prototype
implementation shows that dynamic CFI results in low performance overhead.
Comment: ETH Technical Repor
Cuckoo: a Language for Implementing Memory- and Thread-safe System Services
This paper is centered around the design of a thread- and memory-safe language, primarily for the compilation of application-specific services for extensible operating systems. We describe various issues that have influenced the design of our language, called Cuckoo, which guarantees the safety of programs with potentially asynchronous flows of control. Comparisons are drawn between Cuckoo and related software safety techniques, including Cyclone and software-based fault isolation (SFI), and performance results suggest our prototype compiler is capable of generating safe code that executes with low runtime overheads, even without potential code optimizations. Compared to Cyclone, Cuckoo is able to safely guard accesses to memory when programs are multithreaded. Similarly, Cuckoo is capable of enforcing memory safety in situations that are potentially troublesome for techniques such as SFI.
A fine-grain time-sharing Time Warp system
Although Parallel Discrete Event Simulation (PDES) platforms relying on the Time Warp (optimistic) synchronization
protocol already allow for exploiting parallelism, several techniques have been proposed to
further improve performance. Among them we can mention optimized approaches for state restore, as well as
techniques for load balancing or (dynamically) controlling the speculation degree, the latter being specifically
targeted at reducing the incidence of causality errors leading to wasted computation. However, in
state-of-the-art Time Warp systems, event processing is not preemptable, which may prevent a prompt
reaction to the injection of higher priority (i.e., lower timestamp) events. Delaying the processing
of these events may, in turn, give rise to a higher incidence of incorrect speculation. In this article we present
the design and realization of a fine-grain time-sharing Time Warp system, to be run on multi-core Linux
machines, which makes systematic use of event preemption in order to dynamically reassign the CPU to
higher priority events/tasks. Our proposal is based on a truly dual-mode execution, application vs. platform,
which includes timer-interrupt based support for bringing control back to platform mode for possible CPU
reassignment at very fine-grain periods. The latter facility is offered by an ad-hoc timer-interrupt
management module for Linux, which we release, together with the overall time-sharing support, within the
open source ROOT-Sim platform. An experimental assessment based on the classical PHOLD benchmark and
two real-world models is presented, which shows how our proposal effectively reduces the
incidence of causality errors, as compared to traditional Time Warp, especially when running with higher
degrees of parallelism.
EffectiveSan: Type and Memory Error Detection using Dynamically Typed C/C++
Low-level programming languages with weak/static type systems, such as C and
C++, are vulnerable to errors relating to the misuse of memory at runtime, such
as (sub-)object bounds overflows, (re)use-after-free, and type confusion. Such
errors account for many security and other undefined behavior bugs for programs
written in these languages. In this paper, we introduce the notion of
dynamically typed C/C++, which aims to detect such errors by dynamically
checking the "effective type" of each object before use at runtime. We also
present an implementation of dynamically typed C/C++ in the form of the
Effective Type Sanitizer (EffectiveSan). EffectiveSan enforces type and memory
safety using a combination of low-fat pointers, type metadata and type/bounds
check instrumentation. We evaluate EffectiveSan against the SPEC2006 benchmark
suite and the Firefox web browser, and detect several new type and memory
errors. We also show that EffectiveSan achieves high compatibility and
reasonable overheads for the given error coverage. Finally, we highlight that
EffectiveSan is one of only a few tools that can detect sub-object bounds
errors, and uses a novel approach (dynamic type checking) to do so.
Comment: To appear in the Proceedings of 39th ACM SIGPLAN Conference on
Programming Language Design and Implementation (PLDI2018