Protecting Computer Systems by Eliminating Vulnerabilities

Nov 02, 2016

Abstract

Many system software are performance critical, and they are typically
implemented in unsafe programming languages that are efficient but prone
to security vulnerabilities. Existing approaches to address vulnerable
software tend to address some specific harmful effects (e.g., detection
based on evidence of an exploit), and thus have limited
effectiveness. For example, there have been many unfortunate cases where
security holes are again uncovered in the supposed "patched" or
protected systems security.

My research aims to eliminate the root cause of vulnerabilities. In this
talk, I will present two tools that I have developed, DangNull and
Caver. These tools protect a system from well-known as well as emerging
memory corruption vulnerabilities including use-after-free and
bad-casting. Specifically, DangNull relies on the key observation that
the root cause of use-after-free is that pointers are not nullified
after the target object is freed. Thus, DangNull instruments a program
to trace the object's relationships via pointers and automatically
nullifies all pointers when the target object is freed. Similarly, CaVer
relies on the key observation that the root cause of bad-casting is that
casting operations are not properly verified. Thus, CaVer uses a new
runtime type tracing mechanism to overcome the limitation of existing
approaches, and performs efficient verification on all type casting
operations dynamically. We have implemented these protection solutions
and successfully applied them to Chrome and Firefox browsers. Our
evaluation showed that DangNull and CaVer imposes 29% and 7.6% benchmark
overheads in Chrome, respectively. We have also tested seven
use-after-free and five bad-casting exploits in Chrome, and DangNull and
CaVer safely prevented them all.