PAriCheck: An Efficient Pointer Arithmetic Checker for C Programs
Buffer overflows are still a significant problem in programs written in C and C++. In this paper we present a bounds checker, called PAriCheck, that inserts dynamic runtime checks to ensure that attackers are not able to abuse buffer overflow vulnerabilities. The main approach is based on checking pointer arithmetic rather than pointer dereferences when performing bounds checks. The checks are performed by assigning a unique label to each object and ensuring that the label is associated with each memory location that the object inhabits. Whenever pointer arithmetic occurs, the label of the base location is compared to the label of the resulting arithmetic. If the labels differ, an out-of-bounds calculation has occurred. Benchmarks show that PAriCheck has a very low performance overhead compared to similar bounds checkers. This paper demonstrates that using bounds checkers for programs or parts of programs running on high-security production systems is a realistic possibility.
buffer overflows; bounds checking
Yves Younan, Lorenzo Cavallaro, Frank Piessens, Pieter Philippaerts, R. Sekar, Wouter Joosen
Katholieke Universiteit Leuven; Vrije Universiteit Amsterdam; University of California at Santa Barbara; Stony Brook University
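International conference
Beijing
English
145-156
2010-04-13 (date first posted online on the Wanfang platform; does not represent the paper's publication date)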
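The label comparison described in the abstract, sketched as a toy C model. This is an added example, not PAriCheck's code: the 32-byte region size, the static arena, the extra reserved byte, and the names `label_of`, `lab_alloc` and `checked_add` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REGION 32u                 /* assumed label granularity in bytes */
#define ARENA_SIZE 1024u
#define NREGIONS (ARENA_SIZE / REGION)

static unsigned char arena[ARENA_SIZE];
static uint16_t labels[NREGIONS];  /* 0 = region not owned by any object */
static size_t next_region = 0;
static uint16_t next_label = 1;

/* Label of the region containing p, or 0 if p is outside the arena. */
static uint16_t label_of(const unsigned char *p) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)arena;
    if (a < base || a >= base + ARENA_SIZE) return 0;
    return labels[(a - base) / REGION];
}

/* Allocate an object and stamp its label on every region it inhabits.
   One extra byte keeps the legal one-past-the-end pointer in-label. */
unsigned char *lab_alloc(size_t size) {
    size_t need = (size + 1 + REGION - 1) / REGION;
    if (next_region + need > NREGIONS) return NULL;
    unsigned char *p = arena + next_region * REGION;
    for (size_t i = 0; i < need; i++) labels[next_region + i] = next_label;
    next_region += need;
    next_label++;
    return p;
}

/* Checked pointer arithmetic: compare the label of the base location with
   the label of the result. NULL means an out-of-bounds calculation. */
unsigned char *checked_add(unsigned char *base, ptrdiff_t off) {
    unsigned char *res = (unsigned char *)((uintptr_t)base + (uintptr_t)off);
    uint16_t lb = label_of(base);
    if (lb == 0 || label_of(res) != lb) return NULL;
    return res;
}

int main(void) {
    unsigned char *a = lab_alloc(40);   /* constructed sample: regions 0-1 */
    unsigned char *b = lab_alloc(16);   /* constructed sample: region 2 */
    printf("a+39 in bounds: %d\n", checked_add(a, 39) != NULL);
    printf("a+64 caught: %d, b-1 caught: %d\n",
           checked_add(a, 64) == NULL, checked_add(b, -1) == NULL);
    return 0;
}
```

In this toy model the check costs one table lookup per pointer operation, and arithmetic that lands in an object's own padding (for example `a+50` above) is not flagged, since the padding carries the same label and belongs to no other object.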