research-article

Heap bounds protection with low fat pointers

Authors:

Gregory J. Duck,

Roland H. C. YapAuthors Info & Claims

CC '16: Proceedings of the 25th International Conference on Compiler Construction

Pages 132 - 142

https://doi.org/10.1145/2892208.2892212

Published: 17 March 2016 Publication History

Abstract

Heap buffer overflow (underflow) errors are a common source of security vulnerabilities. One prevention mechanism is to add object bounds meta information and to instrument the program with explicit bounds checks for all memory access. The so-called "fat pointers" approach is one method for maintaining and propagating the meta information where native machine pointers are replaced with "fat" objects that explicitly store object bounds. Another approach is "low fat pointers", which encodes meta information within a native pointer itself, eliminating space overheads and also code compatibility issues. This paper presents a new low-fat pointer encoding that is fully compatible with existing libraries (e.g. pre-compiled libraries unaware of the encoding) and standard hardware (e.g. x86_64). We show that our approach has very low memory overhead, and competitive with existing state-of-the-art bounds instrumentation solutions.

References

[1]

P. Akritidis, M. Costa, M. Castro, and S. Hand. Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense Against Out-of-Bounds Errors. In USENIX Security. USENIX, 2009.

Digital Library

[2]

T. Austin, S. Breach, and G. Sohi. Efficient Detection of All Pointer and Array Access Errors. In Programming Language Design and Implementation. ACM, 1994.

Digital Library

[3]

B. Ding, Y. He, Y. Wu, A. Miller, and J. Criswell. Baggy Bounds with Accurate Checking. In Software Reliability Engineering Workshops, 2012.

Digital Library

[4]

F. Eigler. Mudflap: Pointer Use Checking for C/C++. In GCC Developerś Summit, 2003.

[5]

Intel Corporation. Intel 64 and IA-32 Architectures Optimization Reference Manual, 2016.

[6]

T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A Safe Dialect of C. In Annual Technical Conference. USENIX, 2002.

Digital Library

[7]

A. Kwon, U. Dhawan, J. Smith, T. Knight, and A. DeHon. Low-fat Pointers: Compact Encoding and Efficient Gate-level Implementation of Fat Pointers for Spatial Safety and Capability-based Security. In Computer and Communications Security. ACM, 2013.

Digital Library

[8]

LLVM. http://llvm.org, 2016.

[9]

S. Nagarakatte. Practical Low-overhead Enforcement of Memory Safety for C Programs. PhD thesis, 2012.

Digital Library

[10]

S. Nagarakatte, Z. Santosh, M. Jianzhou, M. Milo, and S. Zdancewic. SoftBound: Highly Compatible and Complete Spatial Memory Safety for C. In Programming Language Design and Implementation. ACM, 2009.

Digital Library

[11]

G. Necula, J. Condit, M. Harren, S. McPeak, and W. Weimer. CCured: Type-safe Retrofitting of Legacy Software. Transactions on Programming Languages and Systems, 27(3), 2005.

Digital Library

[12]

O. Ruwase and M. S. Lam. A Practical Dynamic Buffer Overflow Detector. In Network and Distributed System Security, 2004.

[13]

K. Serebryany, D. Bruening, A. Potapenko, and D. Vyukov. Address-Sanitizer: A Fast Address Sanity Checker. In Annual Technical Conference. USENIX, 2012.

Digital Library

[14]

SPEC. https://www.spec.org/cpu2006/, 2016.

[15]

L. Szekeres, M. Payer, T. Wei, and D. Song. SoK: Eternal War in Memory. In Security and Privacy, 2013.

Digital Library

[16]

V. van der Veen, N. Dutt-Sharma, L. Cavallaro, and H. Bos. Memory Errors: The Past, the Present, and the Future. In Research in Attacks, Intrusions, and Defenses. Springer, 2012.

Digital Library

[17]

Y. Younan, P. Philippaerts, L. Cavallaro, R. Sekar, F. Piessens, and W. Joosen. PAriCheck: An Efficient Pointer Arithmetic Checker for C Programs. In Information, Computer and Communications Security. ACM, 2010.

Digital Library

Cited By

Lin ZYu ZGuo ZCampanoni SDinda PXing XBalzarotti DXu W(2024)CAMPProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699125(4015-4032)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699125
Zhai YQian ZSong CSridharan MJaeger TYu PKrishnamurthy SBalzarotti DXu W(2024)Don't waste my effortsProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3698980(1419-1434)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3698980
Jacobs AVolckaert SDoupé AMilburn A(2024)Not quite writeProceedings of the 18th USENIX Conference on Offensive Technologies10.5555/3696933.3696946(171-187)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696933.3696946
Show More Cited By

Index Terms

Heap bounds protection with low fat pointers

Recommendations

In-fat pointer: hardware-assisted tagged-pointer spatial memory safety defense with subobject granularity protection
ASPLOS '21: Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

Programming languages like C and C++ are not memory-safe because they provide programmers with low-level pointer manipulation primitives. The incorrect use of these primitives can result in bugs and security vulnerabilities: for example, spatial memory ...
Low-fat pointers: compact encoding and efficient gate-level implementation of fat pointers for spatial safety and capability-based security
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Referencing outside the bounds of an array or buffer is a common source of bugs and security vulnerabilities in today's software. We can enforce spatial safety and eliminate these violations by inseparably associating bounds with every pointer (fat ...
Delta pointers: buffer overflow checks without the checks
EuroSys '18: Proceedings of the Thirteenth EuroSys Conference

Despite decades of research, buffer overflows still rank among the most dangerous vulnerabilities in unsafe languages such as C and C++. Compared to other memory corruption vulnerabilities, buffer overflows are both common and typically easy to exploit. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CC '16: Proceedings of the 25th International Conference on Compiler Construction

March 2016

270 pages

ISBN:9781450342414

DOI:10.1145/2892208

General Chair:
Ayal Zaks
Intel, Israel / Technion, Israel
,
Program Chair:
Manuel Hermenegildo
IMDEA SW Institute, Spain / T.U. Madrid-UPM, Spain

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

In-Cooperation

IEEE-CS: Computer Society

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 March 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CGO '16

Sponsor:

CGO '16: 14th Annual IEEE/ACM International Symposium on Code Generation and Optimization

March 17 - 18, 2016

Barcelona, Spain

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

68
Total Citations
View Citations
788
Total Downloads

Downloads (Last 12 months)44
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Lin ZYu ZGuo ZCampanoni SDinda PXing XBalzarotti DXu W(2024)CAMPProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699125(4015-4032)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699125
Zhai YQian ZSong CSridharan MJaeger TYu PKrishnamurthy SBalzarotti DXu W(2024)Don't waste my effortsProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3698980(1419-1434)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3698980
Jacobs AVolckaert SDoupé AMilburn A(2024)Not quite writeProceedings of the 18th USENIX Conference on Offensive Technologies10.5555/3696933.3696946(171-187)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696933.3696946
Wei JChen P(2024)DSLR–Journal of Computer Security10.3233/JCS-23005332:3(221-246)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.3233/JCS-230053
Huang KPayer MQian ZSampson JTan GJaeger TLuo BLiao XXu JKirda ELie D(2024)Top of the Heap: Efficient Memory Error Protection of Safe Heap ObjectsProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690310(1330-1344)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690310
Sharma ASharma STanksalkar STorres-Arias SMachiry ALuo BLiao XXu JKirda ELie D(2024)Rust for Embedded Systems: Current State and Open ProblemsProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690275(2296-2310)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690275
Du YGuo YZhang YYang J(2024)RTT-UAF: Reuse Time Tracking for Use-After-Free DetectionProceedings of the 38th ACM International Conference on Supercomputing10.1145/3650200.3656606(376-387)Online publication date: 30-May-2024
https://dl.acm.org/doi/10.1145/3650200.3656606
Kang JPark JSeo JKwon DDe V(2024)Look Before You Access: Efficient Heap Memory Safety for Embedded Systems on ARMv8-MProceedings of the 61st ACM/IEEE Design Automation Conference10.1145/3649329.3655949(1-6)Online publication date: 23-Jun-2024
https://dl.acm.org/doi/10.1145/3649329.3655949
Chen ZYan RMa YSui YXue J(2024)A Smart Status Based Monitoring Algorithm for the Dynamic Analysis of Memory SafetyACM Transactions on Software Engineering and Methodology10.1145/363722733:4(1-47)Online publication date: 17-Apr-2024
https://dl.acm.org/doi/10.1145/3637227
Khan SChatterjee BPande STsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Pythia: Compiler-Guided Defense Against Non-Control Data AttacksProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3620666.3651343(850-866)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620666.3651343
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten