Programs written in C and C++ are susceptible to a number of memory errors, including buffer overflows and dangling pointers. At best, these errors cause crashes or performance degradation. At worst, they enable security vulnerabilities, allowing denial-of-service or remote code execution. Existing runtime systems provide little protection against these errors. They allow minor errors to cause crashes and allow attackers to consistently exploit vulnerabilities. In this thesis, we introduce a series of runtime systems that protect deployed applications from memory errors. To guide the design of our systems, we analyze how errors interact with memory allocators to allow consistent exploitation of vulnerabilities. Our systems improve software in two ways. First, they tolerate memory errors, allowing programs to continue proper execution. Second, they decrease the probability of successfully exploiting security vulnerabilities caused by memory errors. Our first system, Archipelago, protects exceptionally sensitive server applications against severe errors using an object-per-page randomized allocator. It provides near-100% protection against most buffer overflows. Our second system, DieHarder, combines ideas from Archipelago, DieHard, and other systems to enable maximal protection against attacks while incurring minimal runtime and memory overhead. Our final system, Exterminator, automatically corrects heap-based buffer overflows and dangling pointers without requiring programmer intervention. Exterminator relies on both a low-overhead randomized allocator and statistical inference techniques to automatically isolate and correct errors in deployed applications.