4,755 research outputs found
Validation of Memory Accesses Through Symbolic Analyses
International audienceThe C programming language does not prevent out-of- bounds memory accesses. There exist several techniques to secure C programs; however, these methods tend to slow down these programs substantially, because they populate the binary code with runtime checks. To deal with this prob- lem, we have designed and tested two static analyses - sym- bolic region and range analysis - which we combine to re- move the majority of these guards. In addition to the analy- ses themselves, we bring two other contributions. First, we describe live range splitting strategies that improve the effi- ciency and the precision of our analyses. Secondly, we show how to deal with integer overflows, a phenomenon that can compromise the correctness of static algorithms that validate memory accesses. We validate our claims by incorporating our findings into AddressSanitizer. We generate SPEC CINT 2006 code that is 17% faster and 9% more energy efficient than the code produced originally by this tool. Furthermore, our approach is 50% more effective than Pentagons, a state- of-the-art analysis to sanitize memory accesses
Towards Vulnerability Discovery Using Staged Program Analysis
Eliminating vulnerabilities from low-level code is vital for securing
software. Static analysis is a promising approach for discovering
vulnerabilities since it can provide developers early feedback on the code they
write. But, it presents multiple challenges not the least of which is
understanding what makes a bug exploitable and conveying this information to
the developer. In this paper, we present the design and implementation of a
practical vulnerability assessment framework, called Melange. Melange performs
data and control flow analysis to diagnose potential security bugs, and outputs
well-formatted bug reports that help developers understand and fix security
bugs. Based on the intuition that real-world vulnerabilities manifest
themselves across multiple parts of a program, Melange performs both local and
global analyses. To scale up to large programs, global analysis is
demand-driven. Our prototype detects multiple vulnerability classes in C and
C++ code including type confusion, and garbage memory reads. We have evaluated
Melange extensively. Our case studies show that Melange scales up to large
codebases such as Chromium, is easy-to-use, and most importantly, capable of
discovering vulnerabilities in real-world code. Our findings indicate that
static analysis is a viable reinforcement to the software testing tool set.Comment: A revised version to appear in the proceedings of the 13th conference
on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA),
July 201
Top of the Heap: Efficient Memory Error Protection for Many Heap Objects
Exploits against heap memory errors continue to be a major concern. Although
many defenses have been proposed, heap data are not protected from attacks that
exploit memory errors systematically. Research defenses focus on complete
coverage of heap objects, often giving up on comprehensive memory safety
protection and/or incurring high costs in performance overhead and memory
usage. In this paper, we propose a solution for heap memory safety enforcement
that aims to provide comprehensive protection from memory errors efficiently by
protecting those heap objects whose accesses are provably safe from memory
errors. Specifically, we present the Uriah system that statically validates
spatial and type memory safety for heap objects, isolating compliant objects on
a safe heap that enforces temporal type safety to prevent attacks on memory
reuse. Using Uriah, 71.9% of heap allocation sites can be shown to produce
objects (73% of allocations are found safe) that satisfy spatial and type
safety, which are then isolated using Uriah's heap allocator from memory
accesses via unsafe heap objects. Uriah only incurs 2.9% overhead and only uses
9.3% more memory on SPEC CPU2006 (C/C++) benchmarks, showing that many heap
objects can be protected from all classes of memory errors efficiently
A formally verified compiler back-end
This article describes the development and formal verification (proof of
semantic preservation) of a compiler back-end from Cminor (a simple imperative
intermediate language) to PowerPC assembly code, using the Coq proof assistant
both for programming the compiler and for proving its correctness. Such a
verified compiler is useful in the context of formal methods applied to the
certification of critical software: the verification of the compiler guarantees
that the safety properties proved on the source code hold for the executable
compiled code as well
- …