Table of Contents
Advances in Software Engineering
Volume 2016 (2016), Article ID 9842936, 19 pages
http://dx.doi.org/10.1155/2016/9842936
Research Article

Tag-Protector: An Effective and Dynamic Detection of Illegal Memory Accesses through Compile Time Code Instrumentation

1Glasgow Caledonian University, Glasgow G4 0BA, UK
2Department of Computer Science, California State University San Marcos, San Marcos, CA 92069, USA
3School of Mathematical and Computer Sciences, Heriot-Watt University, Edinburgh EH14 4AS, UK

Received 29 September 2015; Accepted 18 April 2016

Academic Editor: Gerardo Canfora

Copyright © 2016 Ahmed Saeed et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. E. Chien and P. Ször, “Blended attacks exploits, vulnerabilities, and buffer overflow techniques in computer viruses,” in Proceedings of the Virus Bulletin Conference, vol. 1, pp. 72–106, New Orleans, La, USA, 2002.
  2. Y. Younan, 25 Years of Vulnerabilities: 1988–2012, 2013.
  3. A. One, “Smashing the stack for fun and profit,” Phrack Magazine, vol. 7, no. 49, pp. 14–16, 1996. View at Google Scholar
  4. H. Shacham, “The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86),” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 552–561, ACM, November 2007. View at Publisher · View at Google Scholar · View at Scopus
  5. T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang, “Cyclone: a safe dialect of C,” in Proceedings of the USENIX Annual Technical Conference, General Track, pp. 275–288, June 2002.
  6. G. C. Necula, J. Condit, M. Harren, S. McPeak, and W. Weimer, “CCured: type-safe retrofitting of legacy software,” ACM Transactions on Programming Languages and Systems, vol. 27, no. 3, pp. 477–526, 2005. View at Publisher · View at Google Scholar · View at Scopus
  7. D. Dhurjati, S. Kowshik, V. Adve, and C. Lattner, “Memory safety without runtime checks or garbage collection,” in Proceedings of the ACM SIGPLAN Conference on Language, Compiler, and Tool for Embedded Systems (LCTES '03), pp. 69–80, New York, NY, USA, June 2003.
  8. D. Larochelle and D. Evans, “Statically detecting likely buffer overow vulnerabilities,” in Proceedings of the USENIX Security Symposium, vol. 32, Washington, DC, USA, 2001.
  9. O. Ruwase and M. S. Lam, “A practical dynamic buffer overow detector,” in Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS '04), San Diego, Calif, USA, 2004.
  10. D. Dhurjati, S. Kowshik, and V. Adve, “Safecode: enforcing alias analysis for weakly typed languages,” in Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '06), pp. 144–157, ACM, Ottawa, Canada, June 2006.
  11. C. Cowan, C. Pu, D. Maier et al., “Stackguard: automatic adaptive detection and prevention of buffer-overow attacks,” in Proceedings of the USENIX Security Symposium, vol. 98, pp. 63–78, 1998.
  12. R. W. M. Jones and P. H. J. Kelly, “Backwards-compatible bounds checking for arrays and pointers in C programs,” in Proceedings of the 3rd International Workshop on Automatic Debugging, pp. 13–26, Linköping, Sweden, May 1997.
  13. D. Dhurjati and V. Adve, “Backwards-compatible array bounds checking for C with very low overhead,” in Proceedings of the 28th International Conference on Software Engineering (ICSE '06), pp. 162–171, ACM, May 2006. View at Scopus
  14. P. Akritidis, C. Cadar, C. Raiciu, M. Costa, and M. Castro, “Preventing memory error exploits with WIT,” in Proceedings of the IEEE Symposium on Security and Privacy (SP '08), pp. 263–277, IEEE, Oakland, Calif, USA, 2008.
  15. S. Nagarakatte, J. Zhao, M. M. K. Martin, and S. Zdancewic, “SoftBound: highly compatible and complete spatial memory safety for c,” ACM SIGPLAN Notices, vol. 44, no. 6, pp. 245–258, 2009. View at Publisher · View at Google Scholar
  16. P. Akritidis, M. Costa, M. Castro, and S. Hand, “Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors,” in Proceedings of the USENIX Security Symposium, pp. 51–66, Montreal, Canada, August 2009.
  17. Y. Younan, P. Philippaerts, L. Cavallaro, R. Sekar, F. Piessens, and W. Joosen, “PAriCheck: an efficient pointer arithmetic checker for C programs,” in Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS '10), pp. 145–156, ACM, April 2010. View at Publisher · View at Google Scholar · View at Scopus
  18. N. Hasabnis, A. Misra, and R. Sekar, “Light-weight bounds checking,” in Proceedings of the 10th International Symposium on Code Generation and Optimization (CGO '12), pp. 135–144, ACM, Austin, Tex, USA, April 2012. View at Publisher · View at Google Scholar · View at Scopus
  19. C. Lattner and V. Adve, “LLVM: a compilation framework for lifelong program analysis & transformation,” in Proceedings of the International Symposium on Code Generation and Optimization (CGO '04), pp. 75–86, March 2004. View at Publisher · View at Google Scholar · View at Scopus
  20. S. Nagarakatte, J. Zhao, M. M. K. Martin, and S. Zdancewic, “CETS: compiler enforced temporal safety for c,” in Proceedings of the ACM International Symposium on Memory Management (ISMM '10), pp. 31–40, New York, NY, USA, June 2010.
  21. M. C. Carlisle, Olden: parallelizing programs with dynamic data structures on distributed-memory machines [Ph.D. thesis], Princeton University, 1996.
  22. S. Lu, Z. Li, F. Qin, L. Tan, P. Zhou, and Y. Zhou, “Bugbench: benchmarks for evaluating bug detection tools,” in Proceedings of the Workshop on the Evaluation of Software Defect Detection Tools, pp. 1–5, 2005.
  23. J. L. Henning, “SPEC CPU2006 benchmark descriptions,” ACM SIGARCH Computer Architecture News, vol. 34, no. 4, pp. 1–17, 2006. View at Publisher · View at Google Scholar
  24. C. Bienia, S. Kumar, J. P. Singh, and K. Li, “The PARSEC benchmark suite: characterization and architectural implications,” in Proceedings of the 17th International Conference on Parallel Architectures and Compilation Techniques (PACT '08), pp. 72–81, ACM, Toronto, Canada, October 2008. View at Publisher · View at Google Scholar · View at Scopus
  25. SAFECode, Download: SAFECode for LLVM 3.2, 2006.
  26. J. Devietti, C. Blundell, M. M. K. Martin, and S. Zdancewic, “Hardbound: architectural support for spatial safety of the c programming language,” in Proceedings of the 13th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS XIII '08), pp. 103–114, ACM, Seattle, Wash, USA, 2008.
  27. D. Chisnall, C. Rothwell, R. N. M. Watson et al., “Beyond the PDP-11: architectural support for a memory-safe C abstract machine,” in Proceedings of the 20th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '15), pp. 117–130, ACM, Istanbul, Turkey, March 2015. View at Publisher · View at Google Scholar · View at Scopus
  28. Intel's MPX, Intel Memory Protection Extensions Enabling Guide, 2016, https://software.intel.com/en-us/articles/intel-memory-protection-extensions-enabling-guide.
  29. G. Edward Suh, J. W. Lee, D. Zhang, and S. Devadas, “Secure program execution via dynamic information flow tracking,” ACM SIGARCH Computer Architecture News, vol. 32, no. 5, pp. 85–96, 2004. View at Publisher · View at Google Scholar
  30. I. Doudalis, J. Clause, G. Venkataramani, M. Prvulovic, and A. Orso, “Effective and efficient memory protection using dynamic tainting,” IEEE Transactions on Computers, vol. 61, no. 1, pp. 87–100, 2012. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  31. V. P. Kemerlis, G. Portokalidis, K. Jee, and A. D. Keromytis, “Libdft: practical dynamic data ow tracking for commodity systems,” ACM SIGPLAN Notices, vol. 47, no. 7, pp. 121–132, 2012. View at Google Scholar
  32. R. Hastings and B. Joyce, “Purify: fast detection of memory leaks and access errors,” in Proceedings of the USENIX Winter 1992 Technical Conference, Citeseer, San Francisco, Calif, USA, 1991.
  33. N. Nethercote and J. Seward, “Valgrind: a framework for heavyweight dynamic binary instrumentation,” ACM Sigplan Notices, vol. 42, no. 6, pp. 89–100, 2007. View at Google Scholar
  34. D. Bruening and Q. Zhao, “Practical memory checking with Dr. Memory,” in Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization (CGO '11), pp. 213–223, IEEE, Chamonix, France, April 2011. View at Publisher · View at Google Scholar · View at Scopus
  35. K. Serebryany, D. Bruening, A. Potapenko, and D. Vyukov, “Addresssanitizer: a fast address sanity checker,” in Proceedings of the USENIX Conference on Annual Technical Conference (USENIX ATC '12 ), vol. 2012, p. 28, Boston, Mass, USA, June 2012.
  36. A. Baratloo, N. Singh, and T. Tsai, “Protecting critical elements of stacks,” White Paper, 1999, http://www.research.avayalabs.com/project/libsafe.
  37. H. Etoh and K. Yoda, “Propolice: improved stack-smashing attack detection,” in IPSJ SIGNotes Computer Security (CSEC), vol. 14, p. 25, 2001. View at Google Scholar
  38. Stack Shield: A stack smashing technique protection tool for Linux, 2001, http://www.angelfire.com/sk/stackshield/info.html.
  39. K. Avijit, P. Gupta, and D. Gupta, “Tied, libsafeplus: tools for runtime buffer overow protection,” in Proceedings of the USENIX Security Symposium, pp. 45–56, San Diego, Calif, USA, August 2004.
  40. K. Avijit, P. Gupta, and D. Gupta, “Binary rewriting and call interception for efficient runtime protection against buffer overflows,” Software: Practice and Experience, vol. 36, no. 9, pp. 971–998, 2006. View at Publisher · View at Google Scholar · View at Scopus
  41. D. Dhurjati and V. Adve, “Efficiently detecting all dangling pointer uses in production servers,” in Proceedings of the International Conference on Dependable Systems and Networks (DSN '06), pp. 269–280, Philadelphia, Pa, USA, June 2006. View at Publisher · View at Google Scholar
  42. J. Criswell, A. Lenharth, D. Dhurjati, and V. Adve, “Secure virtual architecture: a safe execution environment for commodity operating systems,” in Proceedings of the Twenty-First ACM SIGOPS Symposium on Operating Systems Principles (SOSP '07), pp. 351–366, ACM, New York, NY, USA, 2007. View at Publisher · View at Google Scholar
  43. W. Xu, D. C. DuVarney, and R. Sekar, “An efficient and backwards-compatible transformation to ensure memory safety of C programs,” in Proceedings of the 12th ACM SIGSOFT International Symposium on Foundations of Software Engineering (SIGSOFT '04/FSE-12), pp. 117–126, ACM, Newport Beach, Calif, USA, 2004.
  44. T. M. Austin, S. E. Breach, and G. S. Sohi, “Efficient detection of all pointer and array access errors,” in Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '94), pp. 290–301, Orlando, Fla, USA, June 1994. View at Publisher · View at Google Scholar
  45. PointerChecker, Pointer Checker:Easily Catch Out-of-Bounds Memory Accesses, 2012.
  46. Y. Oiwa, “Implementation of the memory-safe full ANSI-C compiler,” in Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '09), pp. 259–269, Dublin, Ireland, June 2009. View at Publisher · View at Google Scholar · View at Scopus
  47. J. Wilander, N. Nikiforakis, Y. Younan, M. Kamkar, and W. Joosen, “RIPE: runtime intrusion prevention evaluator,” in Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC '11), pp. 41–50, ACM, Austin, Tex, USA, December 2011. View at Publisher · View at Google Scholar · View at Scopus
  48. SoftBound+CETS. SoftBound+CETS: source code, 2014, https://www.cs.rutgers.edu/~santosh.nagarakatte/softbound/.
  49. SPEC, SPEC CPU2000: CINT200, 2000.