More Web Proxy on the site http://driver.im/

research-article

SoftBound: highly compatible and complete spatial memory safety for c

Authors:

Santosh Nagarakatte,

Milo M.K. Martin,

Steve ZdancewicAuthors Info & Claims

ACM SIGPLAN Notices, Volume 44, Issue 6

Pages 245 - 258

https://doi.org/10.1145/1543135.1542504

Published: 15 June 2009 Publication History

Abstract

The serious bugs and security vulnerabilities facilitated by C/C++'s lack of bounds checking are well known, yet C and C++ remain in widespread use. Unfortunately, C's arbitrary pointer arithmetic, conflation of pointers and arrays, and programmer-visible memory layout make retrofitting C/C++ with spatial safety guarantees extremely challenging. Existing approaches suffer from incompleteness, have high runtime overhead, or require non-trivial changes to the C source code. Thus far, these deficiencies have prevented widespread adoption of such techniques.

This paper proposes SoftBound, a compile-time transformation for enforcing spatial safety of C. Inspired by HardBound, a previously proposed hardware-assisted approach, SoftBound similarly records base and bound information for every pointer as disjoint metadata. This decoupling enables SoftBound to provide spatial safety without requiring changes to C source code. Unlike HardBound, SoftBound is a software-only approach and performs metadata manipulation only when loading or storing pointer values. A formal proof shows that this is sufficient to provide spatial safety even in the presence of arbitrary casts. SoftBound's full checking mode provides complete spatial violation detection with 67% runtime overhead on average. To further reduce overheads, SoftBound has a store-only checking mode that successfully detects all the security vulnerabilities in a test suite at the cost of only 22% runtime overhead on average.

References

[1]

Adobe Reader vulnerability exploited in-the-wild, 2008. http://www.trustedsource.org/blog/118/Recent-Adobe-Reader-vulnerability-exploited-in-the-wild.

[2]

Adobe Security Advisories: APSB08-19, Nov. 2008. http://www.adobe.com/support/security/bulletins/apsb08-19.html.

[3]

M. Abadi, M. Budiu, Ú. Erlingsson, and J. Ligatti. Control-Flow Integrity. In Proceedings of the 10th ACM Conference on Computer and Communications Security, Nov. 2005.

Digital Library

[4]

P. Akritidis, C. Cadar, C. Raiciu, M. Costa, and M. Castro. Preventing Memory Error Exploits with WIT. In Proceedings of the 2008 IEEE Symposium on Security and Privacy, 2008.

Digital Library

[5]

T. M. Austin, S. E. Breach, and G. S. Sohi. Efficient Detection of All Pointer and Array Access Errors. In Proceedings of the SIGPLAN 1994 Conference on Programming Language Design and Implementation, June 1994.

Digital Library

[6]

E. D. Berger and B. G. Zorn. DieHard: Probabilistic Memory Safety for Unsafe Languages. In Proceedings of the SIGPLAN 2006 Conference on Programming Language Design and Implementation, June 2006.

Digital Library

[7]

B. Blanchet, P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux, and X. Rival. A Static Analyzer for Large Safety-critical Software. In Proceedings of the SIGPLAN 2003 Conference on Programming Language Design and Implementation, June 2003.

Digital Library

[8]

R. Bodík, R. Gupta, and V. Sarkar. ABCD: Eliminating Array Bounds Checks on Demand. In Proceedings of the SIGPLAN 2000 Conference on Programming Language Design and Implementation, June 2000.

Digital Library

[9]

H.-J. Boehm. Space Efficient Conservative Garbage Collection. In Proceedings of the SIGPLAN 1993 Conference on Programming Language Design and Implementation, June 1993.

Digital Library

[10]

M. Castro, M. Costa, and T. Harris. Securing Software by Enforcing Data-Flow Integrity. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, Nov. 2006.

Digital Library

[11]

J. Condit, M. Harren, Z. Anderson, D. Gay, and G. C. Necula. Dependent Types for Low-Level Programming. In Proceedings of the 16th European Symposium on Programming, Apr. 2007.

Digital Library

[12]

K. D. Cooper, M. W. Hall, and K. Kennedy. A Methodology for Procedure Cloning. Comput. Lang., 19(2):105--117, 1993.

Digital Library

[13]

The Coq Development Team. The Coq Proof Assistant Reference Manual (Version 8.2beta4), 2008.

[14]

C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade. In Proceedings of the Foundations of Intrusion Tolerant Systems, 2003.

[15]

J. Criswell, A. Lenharth, D. Dhurjati, and V. Adve. Secure Virtual Architecture: A Safe Execution Environment for Commodity Operating Systems. In Proceedings of the 21st ACM Symposium on Operating Systems Principles, Oct. 2007.

Digital Library

[16]

J. Devietti, C. Blundell, M. M. K. Martin, and S. Zdancewic. Hardbound: Architectural Support for Spatial Safety of the C Programming Language. In Proceedings of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems, Mar. 2008.

Digital Library

[17]

D. Dhurjati and V. Adve. Backwards-Compatible Array Bounds Checking for C with Very Low Overhead. In Proceeding of the 28th International Conference on Software Engineering, May 2006.

Digital Library

[18]

D. Dhurjati, S. Kowshik, and V. Adve. SAFECode: Enforcing Alias Analysis for Weakly Typed Languages. In Proceedings of the SIGPLAN 2006 Conference on Programming Language Design and Implementation, June 2006.

Digital Library

[19]

D. Dhurjati, S. Kowshik, V. Adve, and C. Lattner. Memory Safety Without Runtime Checks or Garbage Collection. In Proceedings of the 2003 ACM SIGPLAN Conference on Language, Compiler, and Tool for Embedded Systems (LCTES), 2003.

Digital Library

[20]

N. Dor, M. Rodeh, and M. Sagiv. CSSV: Towards a Realistic Tool for Statically Detecting All Buffer Overflows in C. In Proceedings of the SIGPLAN 2003 Conference on Programming Language Design and Implementation, June 2004.

Digital Library

[21]

F. C. Eigler. Mudflap: Pointer Use Checking for C/C++. In GCC Developer's Summit, 2003.

[22]

V. Ganapathy, S. Jha, D. Chandler, D. Melski, and D. Vitek. Buffer Overrun Detection using Linear Programming and Static Analysis. In Proceedings of the 10th ACM Conference on Computer and Communications Security, 2003.

Digital Library

[23]

D. Gay and A. Aiken. Memory Management with Explicit Regions. In Proceedings of the SIGPLAN 1998 Conference on Programming Language Design and Implementation, June 1998.

Digital Library

[24]

D. Grossman. Safe Programming at the C Level of Abstraction. PhD thesis, Department of Computer Science, Cornell University, Aug. 2003.

Digital Library

[25]

D. Grossman, G. Morrisett, T. Jim, M. Hicks, Y. Wang, and J. Cheney. Region--Based Memory Management in Cyclone. In Proceedings of the SIGPLAN 2002 Conference on Programming Language Design and Implementation, June 2002.

Digital Library

[26]

B. Hackett, M. Das, D. Wang, and Z. Yang. Modular Checking for Buffer Overflows in the Large. In Proceedings of the 28th International Conference on Software Engineering (ICSE), 2006.

Digital Library

[27]

R. Hastings and B. Joyce. Purify: Fast Detection of Memory Leaks and Access Errors. In Proceedings of the Winter Usenix Conference, 1992.

[28]

T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang. Cyclone: A Safe Dialect of C. In Proceedings of the 2002 USENIX Annual Technical Conference, June 2002.

Digital Library

[29]

R. W. M. Jones and P. H. J. Kelly. Backwards-Compatible Bounds Checking for Arrays and Pointers in C Programs. In Third International Workshop on Automated Debugging, Nov. 1997.\newpage

[30]

V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure Execution via Program Shepherding. In Proceedings of the 11th USENIX Security Symposium, Aug. 2002.

Digital Library

[31]

G. Kroah-Hartman. The Linux Kernel Driver Model: The Benefits of Working Together. In A. Oram and G. Wilson, editors, Beautiful Code: Leading Programmers Explain How They Think. O'Reilly Media, Inc., June 2007.

[32]

L. Lam and T. Chiueh. Checking Array Bound Violation Using Segmentation Hardware. In Proceedings of the International Conference on Dependable Systems and Networks, June 2005.

Digital Library

[33]

C. Lattner and V. Adve. LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. In Proceedings of the International Symposium on Code Generation and Optimization, 2004.

Digital Library

[34]

S. Lu, Z. Li, F. Qin, L. Tan, P. Zhou, and Y. Zhou. Bugbench: Benchmarks for Evaluating Bug Detection tools. In In PLDI Workshop on the Evaluation of Software Defect Detection Tools, June 2005.

[35]

G. C. Necula, J. Condit, M. Harren, S. McPeak, and W. Weimer. CCured: Type--Safe Retrofitting of Legacy Software. ACM Transactions on Programming Languages and Systems, 27(3), May 2005.

Digital Library

[36]

N. Nethercote and J. Fitzhardinge. Bounds-Checking Entire Programs Without Recompiling. In Proceedings of the Second Workshop on Semantics, Program Analysis, and Computing Environments for Memory Management, 2004.

[37]

H. Patil and C. N. Fischer. Low-Cost, Concurrent Checking of Pointer and Array Accesses in C Programs. Software -- Practice & Experience, 27(1):87--110, 1997.

Digital Library

[38]

J. Pincus and B. Baker. Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns. IEEE Security & Privacy, 2(4):20--27, 2004.

Digital Library

[39]

P. Porras, H. Saidi, and V. Yegneswaran. An Analysis of Conficker's Logic and Rendezvous Points. Technical report, SRI International, Feb. 2009.

[40]

A. Rogers, M. C. Carlisle, J. H. Reppy, and L. J. Hendren. Supporting Dynamic Data Structures on Distributed-Memory Machines. ACM Transactions on Programming Languages and Systems, 17(2):233--263, 1995.

Digital Library

[41]

O. Ruwase and M. S. Lam. A Practical Dynamic Buffer Overflow Detector. In Proceedings of the Network and Distributed Systems Security Symposium, Feb. 2004.

[42]

J. Seward and N. Nethercote. Using Valgrind to Detect Undefined Value Errors with Bit-Precision. In Proceedings of the 2005 USENIX Annual Technical Conference, Apr. 2005.

Digital Library

[43]

SoftBound website. http://www.cis.upenn.edu/acg/softbound/.

[44]

D. Wagner, J. S. Foster, E. A. Brewer, and A. Aiken. A First Step towards Automated Detection of Buffer Overrun Vulnerabilities. In Proceedings of the Network and Distributed Systems Security Symposium, 2000.

[45]

J. Wilander and M. Kamkar. A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention. In Proceedings of the Network and Distributed Systems Security Symposium, 2003.

[46]

T. Würthinger, C. Wimmer, and H. Mössenböck. Array Bounds Check Elimination for the Java HotSpot Client Compiler. In Proceedings of the 5th international symposium on Principles and practice of programming in Java, 2007.

Digital Library

[47]

W. Xu, D. C. DuVarney, and R. Sekar. An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs. In Proceedings of the 12th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE), 2004.

Digital Library

[48]

S. H. Yong and S. Horwitz. Protecting C Programs From Attacks via Invalid Pointer Dereferences. In Proceedings of the 11th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE), 2003.

Digital Library

Cited By

Rusconi DZoia MBuccioli LPierazzi FBruschi DCavallaro LToffalini FLanzi AFawaz KAlmgren M(2024)EmbedWatch: Fat Pointer Solution for Detecting Spatial Memory Errors in Embedded SystemsProceedings of the Sixth Workshop on CPS&IoT Security and Privacy10.1145/3690134.3694815(55-67)Online publication date: 19-Nov-2024
https://dl.acm.org/doi/10.1145/3690134.3694815
Christou NGaidis AAtlidakis VKemerlis VLuo BLiao XXu JKirda ELie D(2024)Eclipse: Preventing Speculative Memory-error Abuse with Artificial Data DependenciesProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690201(3913-3927)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690201
Davoli DAvanzini MRezk TLuo BLiao XXu JKirda ELie D(2024)On Kernel's Safety in the Spectre Era (And KASLR is Formally Dead)Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670332(1091-1105)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670332
Show More Cited By

Index Terms

SoftBound: highly compatible and complete spatial memory safety for c
1. Software and its engineering
  1. Software notations and tools
    1. Compilers

Recommendations

SoftBound: highly compatible and complete spatial memory safety for c
PLDI '09: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation

The serious bugs and security vulnerabilities facilitated by C/C++'s lack of bounds checking are well known, yet C and C++ remain in widespread use. Unfortunately, C's arbitrary pointer arithmetic, conflation of pointers and arrays, and programmer-...
SoftBound+CETS Revisited: More Than a Decade Later
EuroSec '24: Proceedings of the 17th European Workshop on Systems Security

Memory safety issues, including buffer overflows and use-after-free errors, continue to pose significant security threats in C/C++ programs, necessitating robust defenses and detection mechanisms. Despite advancements in memory-safe languages like Rust, ...
Hardbound: architectural support for spatial safety of the C programming language
ASPLOS '08

The C programming language is at least as well known for its absence of spatial memory safety guarantees (i.e., lack of bounds checking) as it is for its high performance. C's unchecked pointer arithmetic and array indexing allow simple programming ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 44, Issue 6

PLDI '09

June 2009

478 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/1543135

Issue’s Table of Contents

PLDI '09: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2009
492 pages
ISBN:9781605583921
DOI:10.1145/1542476
General Chair:
Michael Hind
IBM Research, USA
,
Program Chair:
Amer Diwan
University of Colorado at Boulder, USA

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 June 2009

Published in SIGPLAN Volume 44, Issue 6

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

442
Total Citations
View Citations
2,818
Total Downloads

Downloads (Last 12 months)347
Downloads (Last 6 weeks)28

Reflects downloads up to 09 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Rusconi DZoia MBuccioli LPierazzi FBruschi DCavallaro LToffalini FLanzi AFawaz KAlmgren M(2024)EmbedWatch: Fat Pointer Solution for Detecting Spatial Memory Errors in Embedded SystemsProceedings of the Sixth Workshop on CPS&IoT Security and Privacy10.1145/3690134.3694815(55-67)Online publication date: 19-Nov-2024
https://dl.acm.org/doi/10.1145/3690134.3694815
Christou NGaidis AAtlidakis VKemerlis VLuo BLiao XXu JKirda ELie D(2024)Eclipse: Preventing Speculative Memory-error Abuse with Artificial Data DependenciesProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690201(3913-3927)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690201
Davoli DAvanzini MRezk TLuo BLiao XXu JKirda ELie D(2024)On Kernel's Safety in the Spectre Era (And KASLR is Formally Dead)Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670332(1091-1105)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670332
Kuliamin V(2024)A Survey of Software Dynamic Analysis MethodsProgramming and Computing Software10.1134/S036176882401007950:1(90-114)Online publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1134/S0361768824010079
Yang BZhang RLiu YLiu GCao ZYang ZYu HXu L(2024)CTL-I: Infrared Few-Shot Learning via Omnidirectional Compatible Class-IncrementalBig Data Technologies and Applications10.1007/978-3-031-52265-9_1(3-17)Online publication date: 31-Jan-2024
https://doi.org/10.1007/978-3-031-52265-9_1
DeLozier C(2023)How Close Is Existing C/C++ Code to a Safe Subset?Journal of Cybersecurity and Privacy10.3390/jcp40100014:1(1-22)Online publication date: 28-Dec-2023
https://doi.org/10.3390/jcp4010001
Michael AGollamudi ABosamiya JJohnson EDenlinger ADisselkoen CWatt CParno BPatrignani MVassena MStefan D(2023)MSWasm: Soundly Enforcing Memory-Safe Execution of Unsafe CodeProceedings of the ACM on Programming Languages10.1145/35712087:POPL(425-454)Online publication date: 11-Jan-2023
https://dl.acm.org/doi/10.1145/3571208
Liang KTan JZeng DHuang YHuang XTan G(2023)ABSLearn: a GNN-based framework for aliasing and buffer-size information retrievalPattern Analysis and Applications10.1007/s10044-023-01142-226:3(1171-1189)Online publication date: 19-Feb-2023
https://doi.org/10.1007/s10044-023-01142-2
Xing YChen ZXu SZhang Y(2023)CCMOP: A Runtime Verification Tool for C/C++ ProgramsRuntime Verification10.1007/978-3-031-44267-4_18(339-350)Online publication date: 1-Oct-2023
https://doi.org/10.1007/978-3-031-44267-4_18
Sultana NZhu HZhong KZheng ZMao RChauhan DCarrasquillo SZhao JShi LVasilakis NLoo B(2022)Towards Practical Application-level Support for Privilege SeparationProceedings of the 38th Annual Computer Security Applications Conference10.1145/3564625.3564664(71-87)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1145/3564625.3564664
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents