Abstract | ||
---|---|---|
Buffer overflows are still a significant problem in programs written in C and C++. In this paper we present a bounds checker, called PAriCheck, that inserts dynamic runtime checks to ensure that attackers are not able to abuse buffer overflow vulnerabilities. The main approach is based on checking pointer arithmetic rather than pointer dereferences when performing bounds checks. The checks are performed by assigning a unique label to each object and ensuring that the label is associated with each memory location that the object inhabits. Whenever pointer arithmetic occurs, the label of the base location is compared to the label of the resulting arithmetic. If the labels differ, an out-of-bounds calculation has occurred. Benchmarks show that PAriCheck has a very low performance overhead compared to similar bounds checkers. This paper demonstrates that using bounds checkers for programs or parts of programs running on high-security production systems is a realistic possibility. |
Year | DOI | Venue |
---|---|---|
2010 | 10.1145/1755688.1755707 | ASIACCS |
Keywords | Field | DocType |
bounds check,unique label,similar bounds checker,efficient pointer arithmetic checker,base location,resulting arithmetic,buffer overflow,c program,bounds checker,buffer overflow vulnerability,pointer dereferences,pointer arithmetic,bounds checking,buffer overflows,production system | Pointer (computer programming),Computer science,Computer security,Smart pointer,Bounds checking,Buffer overflow | Conference |
Citations | PageRank | References |
43 | 1.40 | 31 |
Authors | ||
6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Yves Younan | 1 | 347 | 16.78 |
Pieter Philippaerts | 2 | 332 | 27.07 |
Lorenzo Cavallaro | 3 | 886 | 52.85 |
R. C. Sekar | 4 | 2328 | 168.76 |
Frank Piessens | 5 | 2455 | 162.28 |
Wouter Joosen | 6 | 2898 | 287.70 |