PAriCheck: An efficient pointer arithmetic checker for C programs

Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010

Volumn , Issue , 2010, Pages 145-156

  Younan, Yves ^a   Philippaerts, Pieter ^a   Cavallaro, Lorenzo ^b   Sekar, R ^c   Piessens, Frank ^a   Joosen, Wouter ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

^b VU UNIVERSITY AMSTERDAM   (Netherlands)

^c STONY BROOK UNIVERSITY   (United States)

Author keywords

bounds checking; buffer overflows

Indexed keywords

BOUNDS CHECK; BUFFER OVERFLOWS; C PROGRAMS; MEMORY LOCATIONS; POINTER ARITHMETIC; PRODUCTION SYSTEM; RUN-TIME CHECKS;

BUFFER STORAGE; LABELS;

COMPUTER SOFTWARE;

EID: 77954495640     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1755688.1755707     Document Type: Conference Paper

References (46)

1. Martin Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. Control-flow integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security, pages 340-353, Alexandria, VA, November 2005.
2. Periklis Akritidis, Cristian Cadar, Costin Raiciu, Manuel Costa, and Miguel Castro. Preventing memory error exploits with WIT. In Proceedings of the 2008 IEEE Symposium on Security and Privacy, Oakland, CA, May 2008.
3. Periklis Akritidis, Manuel Costa, Miguel Castro, and Steven Hand. Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors. In Proceedings of the 18th USENIX Security Symposium, Montreal, QC, August 2009.
4. Aleph1. Smashing the stack for fun and profit. Phrack, 49, 1996.
5. Todd M. Austin, Scott E. Breach, and Gurindar S. Sohi. Efficient detection of all pointer and array access errors. In Proceedings of the Conference on Programming Language Design and Implementation, pages 290-301, Orlando, FL, June 1994.
6. Elena Gabriela Barrantes, David H. Ackley, Stephanie Forrest, Trek S. Palmer, Darko Stefanović, and Dino Dai Zovi. Randomized instruction set emulation to disrupt binary code injection attacks. In Proceedings of the 10th ACM Conference on Computer and Communications Security, pages 281-289, Washington, D.C., October 2003.
7. Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In Proceedings of the 12th USENIX Security Symposium, pages 105-120, Washington, D.C., August 2003.
8. Sandeep Bhatkar and R. Sekar. Data space randomization. In Proceedings of the 5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, volume 5137 of Lecture Notes in Computer Science, Paris, France, July 2008.
9. Sandeep Bhatkar, R. Sekar, and Daniel C. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In 14th USENIX Security Symposium, Baltimore, MD, August 2005.
10. blexim. Basic integer overflows. Phrack, 60, December 2002.
11. Ratislav Bodik, Rajiv Gupta, and Vivek Sarkar. ABCD: Eliminating array-bounds checks on demand. In Proceedings of the Conference on Programming Language Design and Implementation, pages 321-333, Vancouver, BC, June 2000.
12. Shuo Chen, Jun Xu, Emre C. Sezer, Prachi Gauriar, and Ravishankar K. Iyer. Non-control-data attacks are realistic threats. In Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, August 2005.
13. T. Chiueh and Fu-Hau Hsu. RAD: A compile-time solution to buffer overflow attacks. In Proceedings of the 21st International Conference on Distributed Computing Systems, pages 409-420, Phoenix, AZ, April 2001.
14. James Clause, Ioannis Doudalis, Alessandro Orso, and Milos Prvulovic. Effective memory protection using dynamic tainting. In Proceedings of the 22nd IEEE and ACM International Conference on Automated Software Engineering (ASE 2007), pages 284-292, Atlanta, GA, November 2007.
15. Jeremy Condit, Matthew Harren, Scott McPeak, George C. Necula, and Westley Weimer. CCured in the real world. In Proceedings of the Conference on Programming Language Design and Implementation, pages 232-244, San Diego, CA, 2003.
16. Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle. PointGuard: protecting pointers from buffer overow vulnerabilities. In Proceedings of the 12th USENIX Security Symposium, pages 91-104, Washington, D.C., August 2003.
17. Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang. StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Symposium, pages 63-78, San Antonio, TX, January 1998.
18. Dinakar Dhurjati and Vikram Adve. Backwards-compatible array bounds checking for C with very low overhead. In Proceeding of the 28th international conference on Software engineering, pages 162-171, Shanghai, China, 2006.
19. Dinakar Dhurjati, Sumant Kowshik, Vikram Adve, and Chris Lattner. Memory safety without runtime checks or garbage collection. In Proceedings of the 2003 Conference on Language, Compiler, and Tool Support for Embedded Systems, pages 69-80, San Diego, CA, June 2003.
20. Úlfar Erlingsson, Yves Younan, and Frank Piessens. Low-level software security by example. In Handbook of Information and Communication Security. Springer, 2010.
21. Hiroaki Etoh and Kunikazu Yoda. Protecting from stack-smashing attacks. Technical report, IBM Research Tokyo, June 2000.
22. Dan Grossman, Greg Morrisett, Trevor Jim, Michael Hicks, Yanling Wang, and James Cheney. Region-based memory management in Cyclone. In Proceedings of the Conference on Programming Language Design and Implementation, pages 282-293, Berlin, Germany, June 2002.
23. Trevor Jim, Greg Morrisett, Dan Grossman, Michael Hicks, James Cheney, and Yanling Wang. Cyclone: A safe dialect of C. In USENIX Annual Technical Conference, pages 275-288, Monterey, CA, June 2002.
24. Richard W. M. Jones and Paul H. J. Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. In Proceedings of the 3rd International Workshop on Automatic Debugging, pages 13-26, Linköping, Sweden, 1997.
25. JTC 1/SC 22/WG 14. ISO/IEC 9899:1999: Programming languages - C. Technical report, International Organization for Standards, 1999.
26. Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis. Countering code-injection attacks with instruction-set randomization. In Proceedings of the 10th ACM Conference on Computer and Communications Security, pages 272-280, Washington, D.C., October 2003.
27. Sumant Kowshik, Dinakar Dhurjati, and Vikram Adve. Ensuring code safety without runtime checks for real-time control systems. In Proceedings of the International Conference on Compilers Architecture and Synthesis for Embedded Systems, pages 288-297, Grenoble, France, October 2002.
28. Andreas Krennmair. ContraPolice: a libc extension for protecting applications from heap-smashing attacks, November 2003.
29. James R. Larus, Thomas Ball, Manuvir Das, Robert DeLine, Manuel Fähndrich, Jon Pincus, Sriram K. Rajamani, and Ramanathan Venkatapathy. Righting software. IEEE Software, 21(3):92-100, May 2004.
30. Santosh Nagarakatte, Jianzhou Zhao, Milo M. K. Martin, and Steve Zdancewic. Softbound: Highly compatible and complete spatial memory safety for c. In Proceedings of the Conference on Programming Language Design and Implementation, pages 245-258, Dublin, Ireland, June 2009.
31. National Institute of Standards and Technology. National vulnerability database statistics. http://nvd.nist.gov/statistics.cfm.
32. George Necula, Scott McPeak, and Westley Weimer. CCured: Type-safe retrofitting of legacy code. In Conference Record of POPL 2002: The 29th SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 128-139, Portland, OR, January 2002.
33. George C. Necula, Scott McPeak, S. P. Rahul, and Westley Weimer. Cil: Intermediate language and tools for analysis and transformation of c programs. In Proceedings of the Conference on Compiler Construction (CC'02), volume 2304 of Lecture Notes in Computer Science, pages 213-228, Grenoble, France, March 2002.
34. Yutaka Oiwa. Implementation of the memory-safe full ansi-c compiler. In Proceedings of the Conference on Programming Language Design and Implementation, pages 259-269, Dublin, Ireland, June 2009.
35. William Robertson, Christopher Kruegel, Darren Mutz, and Frederik Valeur. Run-time detection of heap-based overflows. In Proceedings of the 17th Large Installation Systems Administrators Conference, pages 51-60, San Diego, CA, October 2003.
36. Olatunji Ruwase and Monica S. Lam. A practical dynamic buffer overflow detector. In Proceedings of the 11th Annual Network and Distributed System Security Symposium, San Diego, CA, February 2004.
37. Hovav Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM conference on Computer and communications security, pages 552-561, Washington, D.C.,, October 2007.
38. Joseph L. Steffen. Adding run-time checking to the portable C compiler. Software: Practice and Experience, 22(4):305-316, April 1992.
39. Raoul Strackx, Yves Younan, Pieter Philippaerts, Frank Piessens, Sven Lachmund, and Thomas Walter. Breaking the memory secrecy assumption. In Proceedings of the Second European Workshop on System Security, Nuremburg, Germany, 2009.
40. The PaX Team. Documentation for the PaX project.
41. Vendicator. Documentation for stackshield.
42. Jun Xu, Zbigniew Kalbarczyk, and Ravishankar K. Iyer. Transparent runtime randomization for security. In 22nd International Symposium on Reliable Distributed Systems (SRDS'03), pages 260-269, Florence, Italy, October 2003. IEEE Press.
43. Wei Xu, Daniel C. DuVarney, and R. Sekar. An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs. In Proceedings of the 12th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pages 117-126, Newport Beach, CA, October 2004.
44. Yves Younan, Wouter Joosen, and Frank Piessens. Code injection in C and C++ : A survey of vulnerabilities and countermeasures. Technical Report CW386, Departement Computerwetenschappen, Katholieke Universiteit Leuven, July 2004.
45. Yves Younan, Wouter Joosen, and Frank Piessens. Efficient protection against heap-based buffer overflows without resorting to magic. In Proceedings of the International Conference on Information and Communication Security, Raleigh, NC, December 2006.
46. Yves Younan, Davide Pozza, Frank Piessens, and Wouter Joosen. Extended protection against stack smashing attacks without performance loss. In Proceedings of the Twenty-Second Annual Computer Security Applications Conference, Miami, FL, December 2006.