A Hybrid Approach for Safe Memory Management in C

Authors:
Syrine Tlili;Zhenrong Yang;Hai Zhou Ling;Mourad Debbabi
Affiliations:
Computer Security Laboratory (CSL) Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada;Computer Security Laboratory (CSL) Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada;Computer Security Laboratory (CSL) Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada;Computer Security Laboratory (CSL) Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada
Venue:
AMAST 2008 Proceedings of the 12th international conference on Algebraic Methodology and Software Technology
Year:
2008

Citing 9
Cited 0

Efficient detection of all pointer and array access errors

PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
CCured: type-safe retrofitting of legacy code

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Adoption and focus: practical linear types for imperative programming

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Region-based memory management in cyclone

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A Memory Allocation Profiler for C and Lisp Programs

A Memory Allocation Profiler for C and Lisp Programs
Integrating Static and Dynamic Analysis for Detecting Vulnerabilities

COMPSAC '06 Proceedings of the 30th Annual International Computer Software and Applications Conference - Volume 01
Using Valgrind to detect undefined value errors with bit-precision

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Team Edit Automata for Testing Security Property

IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
Type and Effect Annotations for Safe Memory Access in C

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present a novel approach that establishes a synergy between static and dynamic analyses for detecting memory errors in Ccode. We extend the standard Ctype system with effect, region, and host annotations that are relevant to memory management. We define static memory checks to detect memory errors using these annotations. The statically undecidable checks are delegated to dynamic code instrumentation to secure program executions. The static analysis guides its dynamic counterpart by locating instrumentation points and their execution paths. Our dynamic analysis instruments programs with in-lined monitors that observe program executions and ensure safe-fail when encountering memory errors. We prototype our approach by extending the GCC compiler with our type system, a dynamic monitoring library, and code instrumentation capabilities.