ARCHERR: Runtime Environment Driven Program Safety
Author
Chinchani, Ramkumar; Iyer, Anusha; Jayaraman, Bharat; Upadhyaya, Shambhu
Abstract
Parameters of a program's runtime environment such as the machine architecture and operating system largely determine whether a vulnerability can be exploited. For example, the machine word size is an important factor in an integer overflow attack and likewise the memory layout of a process in a buffer or heap overflow attack. In this paper, we present an analysis of the effects of a runtime environment on a language's data types. Based on this analysis, we have developed Archerr, an automated one-pass source-to-source transformer that derives appropriate architecture-dependent runtime safety error checks and inserts them in C source programs. Our approach achieves comprehensive vulnerability coverage against a wide array of program-level exploits including integer overflows/underflows. We demonstrate the efficacy of our technique on versions of C programs with known vulnerabilities such as Sendmail. We have benchmarked our technique and the results show that it is in general less expensive than other well-known runtime techniques, and at the same time requires no extensions to the C programming language. Additional benefits include the ability to gracefully handle arbitrary pointer usage, aliasing, and typecasting.
Booktitle
9th European Symposium on Research in Computer Security
Institution
University at Buffalo
Note
French Riviera, France, September 2004
School
University at Buffalo (SUNY), Buffalo, NY
Publication Date
2004-09-01
Subject
Runtime Environment Driven Program Safety