A fast and low-overhead technique to secure programs against integer overflows

Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization, CGO 2013

Volumn , Issue , 2013, Pages

  Rodrigues, Raphael Ernani ^a   Sperle Campos, Victor Hugo ^a   Quintao Pereira, Fernando Magno ^a  

^a FEDERAL UNIVERSITY OF MINAS GERAIS   (Brazil)

Author keywords

Compiler; Integer Overflow; Range analysis

Indexed keywords

COMPILER; DYNAMIC INSTRUMENTATION; INTEGER OVERFLOW; NOVEL TECHNIQUES; PRIMITIVE TYPES; RANGE ANALYSIS; RUNTIME OVERHEADS; UPPER AND LOWER BOUNDS;

ALGORITHMS; C (PROGRAMMING LANGUAGE); INSTRUMENTS; NETWORK COMPONENTS; OPTIMIZATION; PROGRAM COMPILERS;

INTEGER PROGRAMMING;

EID: 84876929848     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CGO.2013.6494996     Document Type: Conference Paper

References (28)

1. Alfred V. Aho, Monica S. Lam, Ravi Sethi, and Jeffrey D. Ullman. Compilers: Principles, Techniques, and Tools (2nd Edition). Addison Wesley, 2006.
2. Rastislav Bodik, Rajiv Gupta, and Vivek Sarkar. ABCD: eliminating array bounds checks on demand. In PLDI, pages 321-333. ACM, 2000.
3. Benoit Boissinot, Sebastian Hack, Daniel Grund, Benoit Dupont de Dinechin, and Fabrice Rastello. Fast liveness checking for SSA-form programs. In CGO, pages 35-44. IEEE, 2008.
4. David Brumley, Dawn Xiaodong Song, Tzi cker Chiueh, Rob Johnson, and Huijia Lin. RICH: Automatically protecting against integer-based vulnerabilities. In NDSS. USENIX, 2007.
5. Ping Chen, YiWang, Zhi Xin, Bing Mao, and Li Xie. BRICK: A binary tool for run-time detecting and locating integerbased vulnerability. In ARES, pages 208-215, 2009.
6. Ramkumar Chinchani, Anusha Iyer, Bharat Jayaraman, and Shambhu Upadhyaya. ARCHERR: Runtime environment driven program safety. In European Symposium on Research in Computer Security. Springer, 2004.
7. Jong-Deok Choi, Ron Cytron, and Jeanne Ferrante. Automatic construction of sparse data flow evaluation graphs. In POPL, pages 55-66, 1991.
8. P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In POPL, pages 238-252. ACM, 1977.
9. P. Cousot and N. . Halbwachs. Automatic discovery of linear restraints among variables of a program. In POPL, pages 84-96. ACM, 1978.
10. Ron Cytron, Jeanne Ferrante, Barry K. Rosen, Mark N. Wegman, and F. Kenneth Zadeck. Efficiently computing static single assignment form and the control dependence graph. TOPLAS, 13(4):451-490, 1991.
11. Will Dietz, Peng Li, John Regehr, and Vikram Adve. Understanding integer overflow in c/c++. In ICSE, pages 760-770. IEEE, 2012.
12. Mark Dowson. The ariane 5 software failure. SIGSOFT Softw. Eng. Notes, 22(2):84-, 1997.
13. J. Ferrante, K. Ottenstein, and J. Warren. The program dependence graph and its use in optimization. TOPLAS, 9(3):319-349, 1987.
14. T. Gawlitza, J. Leroux, J. Reineke, H. Seidl, G. Sutre, and R. Wilhelm. Polynomial precise interval analysis revisited. Efficient Algorithms, 1:422-437, 2009.
15. John Gough and Herbert Klaeren. Eliminating range checks using static single assignment form. Technical report, Queensland University of Technology, 1994.
16. Lies Lakhdar-Chaouch, Bertrand Jeannet, and Alain Girault. Widening with thresholds for programs with complex control graphs. In ATVA, pages 492-502. Springer-Verlag, 2011.
17. Chris Lattner and Vikram S. Adve. LLVM: A compilation framework for lifelong program analysis & transformation. In CGO, pages 75-88. IEEE, 2004.
18. S. Mahlke, R. Ravindran, M. Schlansker, R. Schreiber, and T. Sherwood. Bitwidth cognizant architecture synthesis of custom hardware accelerators. Computer-Aided Design of Integrated Circuits and Systems, 20(11):1355-1371, 2001.
19. Antoine Miné. The octagon abstract domain. Higher Order Symbol. Comput. , 19:31-100, 2006.
20. David Molnar, Xue Cong Li, and David A. Wagner. Dynamic test generation to find integer bugs in x86 binary linux programs. In SSYM, pages 67-82. USENIX, 2009.
21. Nicholas Nethercote and Julian Seward. Valgrind: a framework for heavyweight dynamic binary instrumentation. In PLDI, pages 89-100. ACM, 2007.
22. Flemming Nielson, Hanne R. Nielson, and Chris Hankin. Principles of Program Analysis. Springer, 1999.
23. Jason R. C. Patterson. Accurate static branch prediction by value range propagation. In PLDI, pages 67-78. ACM, 1995.
24. Mark Stephenson, Jonathan Babb, and Saman Amarasinghe. Bitwidth analysis with application to silicon compilation. In PLDI, pages 108-120. ACM, 2000.
25. Zhendong Su and David Wagner. A class of polynomially solvable range constraints for interval analysis without widenings. Theoretical Computeter Science, 345(1):122-138, 2005.
26. T. Wang, T. Wei, Z. Lin, andW. Zou. Intscope: Automatically detecting integer overflow vulnerability in x86 binary using symbolic execution. In NDSS. Internet Society, 2009.
27. Henry S. Warren. Hacker's Delight. Addison-Wesley Longman Publishing Co. , Inc. , 2002.
28. Chao Zhang, Tielei Wang, Tao Wei, Yu Chen, and Wei Zou. Intpatch: automatically fix integer-overflow-to-bufferoverflow vulnerability at compile-time. In ESORICS, pages 71-86. Springer-Verlag, 2010.