Bounds checking with taint-based analysis

Authors:
Weihaw Chuang;Satish Narayanasamy;Brad Calder;Ranjit Jhala
Affiliations:
CSE Department, University of California, San Diego;CSE Department, University of California, San Diego;CSE Department, University of California, San Diego and Microsoft;CSE Department, University of California, San Diego
Venue:
HiPEAC'07 Proceedings of the 2nd international conference on High performance embedded architectures and compilers
Year:
2007

Citing 10
Cited 2

Efficient detection of all pointer and array access errors

PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Points-to analysis in almost linear time

POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Fast and accurate flow-insensitive points-to analysis

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CCured: type-safe retrofitting of legacy code

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Cyclone: A Safe Dialect of C

ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Optimization of range checking

SIGPLAN '82 Proceedings of the 1982 SIGPLAN symposium on Compiler construction
Secure program execution via dynamic information flow tracking

ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Minos: Control Data Attack Prevention Orthogonal to Memory Model

Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-Based Invariants

Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Enhancing server availability and security through failure-oblivious computing

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6

Hardbound: architectural support for spatial safety of the C programming language

Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Accelerating Dynamic Detection of Uses of Undefined Values with Static Value-Flow Analysis

Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization

Quantified Score

Hi-index	0.00

Visualization

Abstract

We analyze the performance of different bounds checking implementations. Specifically, we examine using the x86 bound instruction to reduce the run-time overhead. We also propose a compiler optimization that prunes the bounds checks that are not necessary to guarantee security. The optimization is based on the observation that buffer overflow attacks are launched through external inputs. Therefore, it is sufficient to bounds check only the accesses to those data structures that can possibly hold the external inputs. Also, it is sufficient to bounds check only the memory writes. The proposed optimizations reduce the number of required bounds checks as well as the amount of meta-data that need to be maintained to perform those checks.