Protecting C Programs from Attacks via Invalid Pointer Dereferences

Proceedings of the Joint European Software Engineering Conference (ESEC) and SIGSOFT Symposium on the Foundations of Software Engineering (FSE-11)

Volumn , Issue , 2003, Pages 307-316

  Yong, Suan Hsi ^a   Horwitz, Susan ^a  

^a University of Wisconsin Madison   (United States)

Author keywords

Buffer overrun; Instrumentation; Security; Static analysis

Indexed keywords

CODES (SYMBOLS); COMPUTER PROGRAM LISTINGS; DATA ACQUISITION; REAL TIME SYSTEMS; SECURITY OF DATA; STANDARDS;

BUFFER OVERRUN; INSTRUMENTATION; STATIC ANALYSIS;

C (PROGRAMMING LANGUAGE);

EID: 1542376931     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/940112.940113     Document Type: Conference Paper

References (35)

1. Program Analysis and Specialization for the C Programming Language. Ph.D. thesis, DIKU, University of Copenhagen, May 1994. (DIKU report 94/19).
2. K. Ashcraft and D. Engler. Using programmer-written compiler extensions to catch security holes. In IEEE Symposium on Security and Privacy, May 2002.
3. T. Austin, S. Breach, and G. Sohi. Efficient detection of all pointer and array access errors. In ACM SIGPLAN Conf. on Programming Language Design and Implementation, pp. 290-201, Orlando, FL, June 1994.
4. T. Ball and S. Rajamani. The SLAM toolkit. In 13th Conf. on Computer Aided Verification, pp. 260-264, July 2001.
5. R. Bodik, R. Gupta, and V. Sarkar. ABCD: Eliminating array bounds checks on demand. In ACM SIGPLAN Conf. on Programming Language Design and Implementation, pp. 321-333, Vancouver, BC, June 2000.
6. W. Bush, J. Pincus, and D. Sielaff. A static analyazer for finding dynamic programming errors. Software-Practice and Experience, 30(7):775-802, June 2000.
7. cfingerd: Configurable finger daemon. http://www.infodrom.org/projects/cfingerd/
8. Ckit. http://www.smlnj.org/doc/ckit/
9. J. Condit, M. Harren, S. McPeak, G. Necula, and W. Weimer. CCured in the real world. In ACM SIGPLAN Conf. on Programming Language Design and Implementation, pp. 232-244, San Diego, CA, June 2003.
10. C. Cowan, C. Pu, D. Maier, H. Hinton, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. Automatic detection and prevention of buffer-overflow attacks. In 7th USENIX Security Symposium, San Antonio, TX, Jan. 1998.
11. M. Das. Unification-based pointer analysis with directional assignments. In ACM SIGPLAN Conf. on Programming Language Design and Implementation, pp. 35-46, Vancouver, BC, June 2000.
12. D. L. Detlefs, K. R. M. Leino, G. Nelson, and J. B. Saxe. Extended static checking. Tech. Report SRC-159, Compaq SRC, 1998.
13. N. Dor, M. Roden, and M. Sagiv. Cleanness checking of string manipulations in C programs via integer analysis. In The 8th International Static Analysis Symposium, volume 2126 of Lecture Notes in Computer Science, page 194. Springer, July 2001.
14. D. Evans. Static detection of dynamic memory errors. In ACM SIGPLAN Conf. on Programming Language Design and Implementation, pp. 44-53, Philadelphia, PA, May 1996.
15. R. Gupta. Optimizing array bound checks using flow analysis. ACM Letters on Programming Languages and Systems, 2(1-4):135-150, Mar.-Dec. 1993.
16. R. Hasting and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Proceedings of the Winter Usenix Conference, 1992.
17. T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A safe dialect of C. In USENIX Annual Technical Conference, Monterey, CA, June 2002.
18. P. Kolte and M. Wolfe. Elimination of redundant array subscript range checks. In ACM SIGPLAN Conf. on Programming Language Design and Implementation, pp. 270-278, La Jolla, CA, June 1995.
19. W. Landi and B. Ryder. A safe approximate algorithm for interprocedural pointer aliasing. In ACM SIGPLAN Conf. on Programming Language Design and Implementation, pp. 235-248, San Francisco, CA, June 1992.
20. A. Loginov, S. Yong, S. Horwitz, and T. Reps. Debugging via run-time type checking. In Fundamental Approaches to Software Engineering, volume 2029 of Lecture Notes in Computer Science, pp. 217-232. Springer, Apr. 2001.
21. M. Lujan, J. R. Gurd, T. L. Freeman, and J. Miguel. Elimination of Java array bounds checks in the presence of indirection. Tech. Report CSPP-13, Department of Computer Science, University of Manchester, Feb. 2002.
22. V. Markstein, J. Cocke, and P. Markstein. Optimization of range checking. In ACM SIGPLAN Symposium on Compiler Construction, SIGPLAN Notices 17(6), pp. 114-119, Boston, MA, June 1982.
23. G. Necula, S. McPeak, and W. Weimer. CCured: Type-safe retrofitting of legacy code. In ACM Symp. on Principles of Programming Languages, Portland, OR, Jan. 2002.
24. Openwall project linux kernel patches. http://www.openwall.com/
25. Packet storm. http://packetstormsecurity.org/
26. Parasoft. Insure-++: An automatic runtime error detection tool, http://www.parasoft.com/insure/
27. H. Patil and C. Fischer. Low-cost, concurrent checking of pointer and array accesses in C programs. Software-Practice and Experience, 27(1):87-110, Jan. 1997.
28. J. Seward. The design and implementation of Valgrind. http://developer.kde.org/̃sewardj/
29. N. P. Smith. Stack smashing vulnerabilities in the UNIX operating system. Technical report, Computer Science Department, Southern Connecticut State University, 1997.
30. Immunix Stack Guard. http://immunix.org/stackguard.html
31. Stack Shield. http://www.angelfire.com/sk/stackshield/
32. N. Suzuki and K. Ishihata. Implementation of an array bound checker. In ACM Symp. on Principles of Programming Languages, pp. 132-143, Los Angeles, CA, Jan. 1977.
33. D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Symp. on Network and Distributed Systems Security, pp. 3-17, San Diego, CA, Feb. 2000.
34. R. Wilson and M. Lam. Efficient context-sensitive pointer analysis for c programs. In ACM SIGPLAN Conf. on Programming Language Design and Implementation, pp. 1-12, La Jolla, CA, June 1995.
35. S. Yong, S. Horwitz, and T. Reps. Pointer analysis for programs with structures and casting. In ACM SIGPLAN Conf. on Programming Language Design and Implementation, pp. 91-103, Atlanta, GA, May 1999.