More Web Proxy on the site http://driver.im/

Article

DieHard: probabilistic memory safety for unsafe languages

Authors:

Emery D. Berger,

Benjamin G. ZornAuthors Info & Claims

PLDI '06: Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation

Pages 158 - 168

https://doi.org/10.1145/1133981.1134000

Published: 11 June 2006 Publication History

Abstract

Applications written in unsafe languages like C and C++ are vulnerable to memory errors such as buffer overflows, dangling pointers, and reads of uninitialized data. Such errors can lead to program crashes, security vulnerabilities, and unpredictable behavior. We present DieHard, a runtime system that tolerates these errors while probabilistically maintaining soundness. DieHard uses randomization and replication to achieve probabilistic memory safety by approximating an infinite-sized heap. DieHard's memory manager randomizes the location of objects in a heap that is at least twice as large as required. This algorithm prevents heap corruption and provides a probabilistic guarantee of avoiding memory errors. For additional safety, DieHard can operate in a replicated mode where multiple replicas of the same application are run simultaneously. By initializing each replica with a different random seed and requiring agreement on output, the replicated version of Die-Hard increases the likelihood of correct execution because errors are unlikely to have the same effect across all replicas. We present analytical and experimental results that show DieHard's resilience to a wide range of memory errors, including a heap-based buffer overflow in an actual application.

References

[1]

T. M. Austin, S. E. Breach, and G. S. Sohi. Efficient detection of all pointer and array access errors. In PLDI '94: Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation, pages 290--301, New York, NY, USA, 1994. ACM Press.

Digital Library

[2]

A. Avizienis. The N-version approach to fault-tolerant systems. IEEE Transactions on Software Engineering, 11(12):1491--1501, Dec. 1985.

Digital Library

[3]

D. Avots, M. Dalton, V. B. Livshits, and M. S. Lam. Improving software security with a C pointer analysis. In ICSE '05: Proceedings of the 27th international conference on Software engineering, pages 332--341, New York, NY, USA, 2005. ACM Press.

Digital Library

[4]

T. Ball, S. Chaki, and S. K. Rajamani. Parameterized verification of multithreaded software libraries. In 7th International Conference on Proceedings of Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 2031 of Lecture Notes in Computer Science, pages 158--173, 2001.

Digital Library

[5]

E. D. Berger, K. S. McKinley, R. D. Blumofe, and P. R. Wilson. Hoard: A scalable memory allocator for multithreaded applications. In ASPLOS-IX: Ninth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 117--128, Cambridge, MA, Nov. 2000.

Digital Library

[6]

E. D. Berger, B. G. Zorn, and K. S. McKinley. Composing high performance memory allocators. In Proceedings of the 2001 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Snowbird, Utah, June 2001.

Digital Library

[7]

S. Bhatkar, D. C. DuVarney, and R. Sekar. Address obfuscation: An efficient approach to combat a broad range of memory error exploits. In Proceedings of the 12th USENIX Security Symposium, pages 105--120. USENIX, Aug. 2003.

Digital Library

[8]

S. Bhatkar, R. Sekar, and D. C. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In Proceedings of the 14th USENIX Security Symposium, pages 271--286. USENIX, Aug. 2005.

Digital Library

[9]

H.-J. Boehm and M. Weiser. Garbage collection in an uncooperative environment. Software Practice and Experience, 18(9):807--820, 1988.

Digital Library

[10]

T. C. Bressoud and F. B. Schneider. Hypervisor-based fault tolerance. In SOSP '95: Proceedings of the fifteenth ACM symposium on Operating systems principles, pages 1--11, New York, NY, USA, 1995. ACM Press.

Digital Library

[11]

T. M. Chilimbi, M. D. Hill, and J. R. Larus. Cache-conscious structure layout. In Proceedings of SIGPLAN'99 Conference on Programming Languages Design and Implementation, ACM SIGPLAN Notices, pages 1--12, Atlanta, May 1999. ACM Press.

Digital Library

[12]

D. L. Detlefs. Empirical evidence for using garbage collection in C and C++ programs. In E. Moss, P. R. Wilson, and B. Zorn, editors, OOPSLA/ECOOP '93 Workshop on Garbage Collection in Object-Oriented Systems, Oct. 1993.

[13]

D. Dhurjati, S. Kowshik, V. Adve, and C. Lattner. Memory safety without runtime checks or garbage collection. In ACM SIGPLAN 2003 Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES'2003), San Diego, CA, June 2003. ACM Press.

Digital Library

[14]

Y. Feng and E. D. Berger. A locality-improving dynamic memory allocator. In Proceedings of the ACM SIGPLAN 2005 Workshop on Memory System Performance (MSP), Chicago, IL, June 2005.

Digital Library

[15]

M. J. Fischer, N. A. Lynch, and M. S. Paterson. Impossibility of distributed consensus with one faulty process. J. ACM, 32(2):374--382, 1985.

Digital Library

[16]

D. Grossman, G. Morrisett, T. Jim, M. Hicks, Y.Wang, and J. Cheney. Region-based memory management in Cyclone. In PLDI '02: Proceedings of the ACMSIGPLAN 2002 Conference on Programming language design and implementation, pages 282--293, New York, NY, USA, 2002. ACM Press.

Digital Library

[17]

D. Grunwald, B. Zorn, and R. Henderson. Improving the cache locality of memory allocation. In Proceedings of SIGPLAN'93 Conference on Programming Languages Design and Implementation, volume 28(6) of ACM SIGPLAN Notices, pages 177--186, Albuquerque, NM, June 1993. ACM Press.

Digital Library

[18]

R. Hastings and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Proc. of the Winter 1992 USENIX Conference, pages 125--138, San Francisco, California, 1991.

[19]

M. Hauswirth and T. M. Chilimbi. Low-overhead memory leak detection using adaptive statistical profiling. In ASPLOS-XI: Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, pages 156--164, New York, NY, USA, 2004. ACM Press.

Digital Library

[20]

M. Hertz and E. D. Berger. Quantifying the performance of garbage collection vs. explicit memory management. In Proceedings of the 20th annual ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications, San Diego, CA, Oct. 2005.

Digital Library

[21]

T. Jim, J. G. Morrisett, D. Grossman, M. W. Hicks, J. Cheney, and Y.Wang. Cyclone: A safe dialect of C. In Proceedings of the General Track: 2002 USENIX Annual Technical Conference, pages 275--288, Berkeley, CA, USA, 2002. USENIX Association.

Digital Library

[22]

M. S. Johnstone and P. R. Wilson. The memory fragmentation problem: Solved? In P. Dickman and P. R. Wilson, editors, OOPSLA '97 Workshop on Garbage Collection and Memory Management, Oct. 1997.

Digital Library

[23]

M. Kaempf. Vudo malloc tricks. Phrack Magazine, 57(8), Aug. 2001.

[24]

P.-H. Kamp. Malloc(3) revisited. http://phk.freebsd.dk/pubs/malloc.pdf.

Digital Library

[25]

D. Lea. A memory allocator. http://gee.cs.oswego.edu/dl/html/malloc.html,1997.

[26]

G. Marsaglia. yet another RNG. posted to the electronic bulletin board sci.stat.math, Aug. 1994.

[27]

G. C. Necula, S. McPeak, and W. Weimer. Ccured: type-safe retrofitting of legacy code. In POPL '02: Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pages 128--139, New York, NY, USA, 2002. ACM Press.

Digital Library

[28]

N. Nethercote and J. Fitzhardinge. Bounds-checking entire programs without recompiling. In SPACE 2004, Venice, Italy, Jan. 2004.

[29]

PaX Team. PaX address space layout randomization (ASLR). http://pax.grsecurity.net/docs/aslr.txt.

[30]

F. Qin, J. Tucek, J. Sundaresan, and Y. Zhou. Rx: Treating bugs as allergies: A safe method to survive software failures. In Proceedings of the Twentieth Symposium on Operating Systems Principles, volume XX of Operating Systems Review, Brighton, UK, Oct. 2005. ACM.

Digital Library

[31]

M. Rinard, C. Cadar, D. Dumitran, D. M. Roy, and T. Leu. A dynamic technique for eliminating buffer overflow vulnerabilities (and other memory errors). In Proceedings of the 2004 Annual Computer Security Applications Conference, Dec. 2004.

Digital Library

[32]

M. Rinard, C. Cadar, D. Dumitran, D. M. Roy, T. Leu, and J. William S. Beebee. Enhancing server availability and security through failure oblivious computing. In Sixth Symposium on Operating Systems Design and Implementation, San Francisco, CA, Dec. 2004. USENIX.

Digital Library

[33]

W. Robertson, C. Kruegel, D. Mutz, and F. Valeur. Run-time detection of heap-based overflows. In LISA '03: Proceedings of the 17th Large Installation Systems Administration Conference, pages 51-60. USENIX, 2003.

Digital Library

[34]

J. M. Robson. Bounds for some functions concerning dynamic storage allocation. Journal of the ACM, 21(3):419--499, July 1974.

Digital Library

[35]

J. Seward and N. Nethercote. Using Valgrind to detect undefined value errors with bit-precision. In Proceedings of the USENIX'05 Annual Technical Conference, Anaheim, California, USA, Apr. 2005.

Digital Library

[36]

H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the effectiveness of address-space randomization. In CCS '04: Proceedings of the 11th ACM conference on Computer and Communications Security, pages 298--307, New York, NY, USA, 2004. ACM Press.

Digital Library

[37]

Standard Performance Evaluation Corporation. SPEC2000. http://www.spec.org.

[38]

N. Swamy, M. Hicks, G. Morrisett, D. Grossman, and T. Jim. Experience with safe manual memory management in Cyclone. Science of Computer Programming, 2006. Special issue on memory management. Expands ISMM conference paper of the same name. To appear.

Digital Library

[39]

US-CERT. US-CERT vulnerability notes. http://www.kb.cert.org/vuls/.

[40]

P. R. Wilson, M. S. Johnstone, M. Neely, and D. Boles. Dynamic storage allocation: A survey and critical review. In Proceedings of the International Workshop on Memory Management, volume 986 of Lecture Notes in Computer Science, pages 1--116, Kinross, Scotland, Sept. 1995. Springer-Verlag.

Digital Library

[41]

W. Xu, D. C. DuVarney, and R. Sekar. An efficient and backwards compatible transformation to ensure memory safety of C programs. In SIGSOFT '04/FSE-12: Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering, pages 117-126, New York, NY, USA, 2004. ACM Press.

Digital Library

[42]

S. H. Yong and S. Horwitz. Protecting C programs from attacks via invalid pointer dereferences. In ESEC/FSE-11: 11th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pages 307--316, New York, NY, USA, 2003. ACM Press.

Digital Library

[43]

Y. Younan, W. Joosen, F. Piessens, and H. V. den Eynden. Security of memory allocators for C and C++. Technical Report CW 419, Department of Computer Science, Katholieke Universiteit Leuven, Belgium, July 2005. Available at http://www.cs.kuleuven.ac.be/publicaties/rapporten/cw/CW419.pdf.

[44]

B. Zorn. The measured cost of conservative garbage collection. Software Practice and Experience, 23:733--756, 1993.

Digital Library

Cited By

Davoli DAvanzini MRezk TLuo BLiao XXu JKirda ELie D(2024)On Kernel's Safety in the Spectre Era (And KASLR is Formally Dead)Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670332(1091-1105)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670332
Rösti AVoulimeneas AFranz M(2024)The Astonishing Evolution of Probabilistic Memory Safety: From Basic Heap-Data Attack Detection Toward Fully Survivable Multivariant ExecutionIEEE Security and Privacy10.1109/MSEC.2024.340764822:4(66-75)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/MSEC.2024.3407648
Stavrakakis DPanfil ANam MBhatotia P(2024)SPP: Safe Persistent Pointers for Memory Safety2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN58291.2024.00019(37-52)Online publication date: 24-Jun-2024
https://doi.org/10.1109/DSN58291.2024.00019
Show More Cited By

Recommendations

DieHard: probabilistic memory safety for unsafe languages
Proceedings of the 2006 PLDI Conference

Applications written in unsafe languages like C and C++ are vulnerable to memory errors such as buffer overflows, dangling pointers, and reads of uninitialized data. Such errors can lead to program crashes, security vulnerabilities, and unpredictable ...
Archipelago: trading address space for reliability and security
ASPLOS XIII: Proceedings of the 13th international conference on Architectural support for programming languages and operating systems

Memory errors are a notorious source of security vulnerabilities that can lead to service interruptions, information leakage and unauthorized access. Because such errors are also difficult to debug, the absence of timely patches can leave users ...
Archipelago: trading address space for reliability and security
ASPLOS '08

Memory errors are a notorious source of security vulnerabilities that can lead to service interruptions, information leakage and unauthorized access. Because such errors are also difficult to debug, the absence of timely patches can leave users ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

PLDI '06: Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation

June 2006

438 pages

ISBN:1595933204

DOI:10.1145/1133981

General Chair:
Michael Schwartzbach
University of Aarhus, Denmark
,
Program Chair:
Thomas Ball
Microsoft Research

ACM SIGPLAN Notices Volume 41, Issue 6
Proceedings of the 2006 PLDI Conference
June 2006
426 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/1133255
Issue’s Table of Contents

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

In-Cooperation

SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 June 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

PLDI06

Sponsor:

PLDI06: ACM SIGPLAN Conference on Programming Language Design and Implementation 2006

June 11 - 14, 2006

Ontario, Ottawa, Canada

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

408
Total Citations
View Citations
2,114
Total Downloads

Downloads (Last 12 months)135
Downloads (Last 6 weeks)21

Reflects downloads up to 18 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Davoli DAvanzini MRezk TLuo BLiao XXu JKirda ELie D(2024)On Kernel's Safety in the Spectre Era (And KASLR is Formally Dead)Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670332(1091-1105)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670332
Rösti AVoulimeneas AFranz M(2024)The Astonishing Evolution of Probabilistic Memory Safety: From Basic Heap-Data Attack Detection Toward Fully Survivable Multivariant ExecutionIEEE Security and Privacy10.1109/MSEC.2024.340764822:4(66-75)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/MSEC.2024.3407648
Stavrakakis DPanfil ANam MBhatotia P(2024)SPP: Safe Persistent Pointers for Memory Safety2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN58291.2024.00019(37-52)Online publication date: 24-Jun-2024
https://doi.org/10.1109/DSN58291.2024.00019
Bang IKayondo MMoon HPaek YCalandrino JTroncoso C(2023)TRUSTProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620626(6947-6964)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620626
Zhou JCriswell JHicks M(2023)Fat Pointers for Temporal Memory Safety of CProceedings of the ACM on Programming Languages10.1145/35860387:OOPSLA1(316-347)Online publication date: 6-Apr-2023
https://dl.acm.org/doi/10.1145/3586038
Hu JLu EHolland DKawaguchi MChong SSeltzer M(2023)Towards Porting Operating Systems with Program SynthesisACM Transactions on Programming Languages and Systems10.1145/356394345:1(1-70)Online publication date: 3-Mar-2023
https://dl.acm.org/doi/10.1145/3563943
Berlakovich FBrunthaler SFedorova ANarayanan DDi Luna GQuerzoni L(2023)R2C: AOCR-Resilient Diversity with Reactive and Reflective CamouflageProceedings of the Eighteenth European Conference on Computer Systems10.1145/3552326.3587439(488-504)Online publication date: 8-May-2023
https://dl.acm.org/doi/10.1145/3552326.3587439
Shen ZDharsee KCriswell J(2022)Randezvous: Making Randomization Effective on MCUsProceedings of the 38th Annual Computer Security Applications Conference10.1145/3564625.3567970(28-41)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1145/3564625.3567970
Cho HPark JOest ABao TWang RShoshitaishvili YDoupé AAhn GFalsafi BFerdman MLu SWenisch T(2022)ViK: practical mitigation of temporal memory safety violations through object ID inspectionProceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3503222.3507780(271-284)Online publication date: 28-Feb-2022
https://dl.acm.org/doi/10.1145/3503222.3507780
Erdős MAinsworth SJones TFalsafi BFerdman MLu SWenisch T(2022)MineSweeper: a “clean sweep” for drop-in use-after-free preventionProceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3503222.3507712(212-225)Online publication date: 28-Feb-2022
https://dl.acm.org/doi/10.1145/3503222.3507712
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents