Architectural support for low overhead detection of memory violations

Proceedings -Design, Automation and Test in Europe, DATE

Volumn , Issue , 2009, Pages 652-657

  Ghose, Saugata ^a   Gilgeous, Latoya ^a   Dudnik, Polina ^a   Aggarwal, Aneesh ^a   Waxman, Corey ^a  

^a BINGHAMTON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BENCHMARKING;

ARCHITECTURAL SUPPORT; HARDWARE AND SOFTWARE; MEMORY REFERENCES; MICRO ARCHITECTURES; PRIVACY AND SECURITY; SAFETY INSTRUCTIONS; SOFTWARE MECHANISMS; VIOLATION DETECTIONS;

C++ (PROGRAMMING LANGUAGE);

EID: 70350057475     PISSN: 15301591     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/date.2009.5090747     Document Type: Conference Paper

References (37)

1. A. Aggarwal and K. Randall, "Related Field Analysis," Proc. of Programming Language Design and Implementation, 2001.
2. Aleph One, "Smashing The Stack For Fun and Profit," Phrack Volume Seven, Issue Forty-Nine, July 2003.
3. D.Arora, et al., "Architectural support for safe software execution on embedded processors," In Proc. If Int'l Conf. on Hardware/software codesign and system synthesis, 2006.
4. T. Austin, S. Breach, and G. Sohi, "Efficient Detection of All Pointer and Array Access Errors," Proc. Programming Language Design and Implementation (PLDI), 1994.
5. R. Bodik, R. Gupta, and V. Sarkar, "ABCD: Eliminating Array Bounds Checks on Demand," Proc. of PLDI, 2000.
6. D. Burger and T. M. Austin, "The SimpleScalar Tool Set, Version 2.0," Computer Arch. News. 1997.
7. M. Carlisle, "Olden: Parallelizing Programs with Dynamic Data Structures on Distributed-Memory Machines," PhD Thesis, Princeton University Department of Computer Science, June 1996.
8. Checker. http://www.gnu.org/software/checker/checker.html
9. W. Chen, "The VLSI Handbook," 2nd Edition, CRC Press, 2007.
10. J. Chow, et al., "Understanding data lifetime via whole system simulation," In Proc. of the USENIX Security Symp, 2004.
11. C. Cowan, et al., "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks," Proc. USENIX Security Conf., 1998.
12. J. R. Crandall and F. T. Chong, "Minos: Control data attack prevention orthogonal to memory model," In Proc. Micro, 2004.
13. M. Dalton, et al., "Raksha: A flexible informatin flow architecture for software security," Proc. ISCA, 2007.
14. D. Dhurjati, et al., "Memory safety without garbage collection for embedded applications," ACM Trans. on Embedded Computing Sys, Feb. 2005.
15. D. Dhurjati and V. Adve, "Backwards-Compatible Array Bounds Checking for C with Very Low Overhead," Proc. Int'l Conf. on Software Engineering (ICSE), 2006.
16. N. Dor, M. Rodeh, and M. Sagiv, "CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows in C," Proc. PLDI, 2003.
17. V. Ganapathy, et al., "Buffer overrun detection using linear programming and static analysis," Proc. ACM Conf. on Comp. and Comm. Sec., 2003.
18. R. Hastings and B. Joyce, "Purify: Fast Detection of Memory Leaks and Access Errors," Proc. of the 1992 Winter Usenix Conference, 1992.
19. G.J. Holzmann, "The Logic of Bugs," In Proc. 10th ACM SIGSOFT Symposium on Foundations of Software Engineering (FSE), 2002.
20. iSec Security Research: Vulnerabilities 2004. http://www.isec.pl/ vulnerabilities04.html
21. T. Jim, et al., "Cyclone: A Safe Dialect of C," Proceedings of the USENIX Annual Technical Conference, June 2002.
22. R. Jones and P. Kelly, "Backwards-compatible bounds checking for arrays and pointers in C programs," Proc. of Int'l Workshop on Automated Debugging, May 1997.
23. E. Larson, "Efficient Dynamic Detection of Input Related Software Errors," PhD Dissertation, University of Michigan, 2004.
24. E. Marcus and H. Stern, "Blueprints for high availability," John Willey and Sons, 2000.
25. MS TechNet Security, http://www.microsoft.com/technet/Security/default. mspx
26. MITRE Corporation. CAN-2004-0416. Common Vulnerabilities and Exposures (CVE) (cve.mitre.org), 2004.
27. National Institute of Standards and Technology (NIST), Department of Commerce, "Software errors cost U.S. economy $59.5 billion annually," NIST News Release 2002-10, June 2002.
28. G. Necula, et al., "CCured: Type-Safe Retrofitting of Legacy Code," Proc. of the Symposium on Principles of Programming Languages, 2002.
29. B. Perens. Electric Fence. http://sunsite.unc.edu/pub/Linux/devel/lang/c/ ElectricFence.2.0.5.tar.gz
30. O. Ruwase and M. Lam, "A practical dynamic buffer overflow detector," Proc. of Network and Distributed System Security Symp., 2004.
31. N. Vachharajani, et al., "RIFLE: An architectural framework for usercentric information-flow security," In Proc. Micro, 2004.
32. Valgrind. http://valgrind.kde.org.
33. Y. Xie, A. Chou, D. Engler, "ARCHER: Using Symbolic, Path-sensitive Analysis to Detect Memory Access Errors," Proc. of 11th International Symposium on the Foundations of Software Engineering, Sep. 2003.
34. W. Xu, et al., "An efficient and backwards-compatible transformation to ensure memory safety of c programs," Proc. Symp. on Foundations of Software Engineering, 2004.
35. S. Yong and S. Horwitz, "Protecting C programs from attacks via invalid pointer dereferences," In Foundations of Software Engineering, 2003.
36. http://www.mcafee.com/us/local-content/white-papers/wp- ricochetbriefbuffer.pdf
37. J. Devietti, et al. "Hardbound: Architectural Support for Spatial Safety of the C Programming Language," Proc. ASPLOS 2008.