ABSTRACT
Programs written in C and C++ are susceptible to memory errors, including buffer overflows and dangling pointers. These errors, which can lead to crashes, erroneous execution, and security vulnerabilities, are notoriously costly to repair. Tracking down their location in the source code is difficult, even when the full memory state of the program is available. Once the errors are finally found, fixing them remains challenging: even for critical security-sensitive bugs, the average time between initial reports and the issuance of a patch is nearly one month.
We present Exterminator, a system that automatically corrects heap-based memory errors without programmer intervention. Exterminator exploits randomization to pinpoint errors with high precision. From this information, Exterminator derives runtime patches that fix these errors both in current and subsequent executions. In addition, Exterminator enables collaborative bug correction by merging patches generated by multiple users. We present analytical and empirical results that demonstrate Exterminator's effectiveness at detecting and correcting both injected and real faults.
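An added illustration, not code from the paper or from Exterminator itself, of how randomized heap layouts can pinpoint an overflow: free space is filled with canary bytes, a damaged canary implicates the allocated objects immediately before it, and intersecting those suspects across executions with different layouts leaves only the guilty allocation site. The slot-based heap, the numbered allocation sites, the fixed layouts standing in for random placement, and the names detect_run and pinpoint are all assumptions made for this toy; the paper's allocator and probabilistic analysis are more involved.

```c
#include <string.h>
/* Constructed model, not Exterminator's own code: NSLOTS equal heap slots; a FREE
 * slot is filled with CANARY bytes, an allocated one holds one site's object. */
enum { NSLOTS = 8, NSITES = 4, SLOT = 16, CANARY = 0xAB, FREE = -1 };
static unsigned char heap[NSLOTS * SLOT];

/* One execution under layout `owner`: the object from `bad_site` writes `overflow`
 * bytes past its slot, then free slots are scanned. The first damaged free slot
 * implicates the run of allocated slots just before it (any could have written
 * through its neighbours): suspect[site] = 1 for those. Returns 1 if damage found. */
int detect_run(const int owner[NSLOTS], int bad_site, int overflow, int suspect[NSITES]) {
    memset(heap, CANARY, sizeof heap);
    memset(suspect, 0, NSITES * sizeof suspect[0]);
    for (int s = 0; s < NSLOTS; s++)
        if (owner[s] == bad_site) {                        /* the buggy write */
            size_t len = SLOT + overflow, room = sizeof heap - s * SLOT;
            memset(heap + s * SLOT, 'X', len < room ? len : room);
        }
    for (int s = 0; s < NSLOTS; s++) {
        int i = 0;
        while (i < SLOT && heap[s * SLOT + i] == CANARY) i++;  /* count intact bytes */
        if (owner[s] != FREE || i == SLOT) continue;         /* allocated, or intact */
        for (int p = s - 1; p >= 0 && owner[p] != FREE; p--) suspect[owner[p]] = 1;
        return 1;
    }
    return 0;
}

/* Across executions: intersect the suspect sets of the runs that detected damage
 * (runs that saw nothing carry no information). Returns how many sites survive;
 * 1 means the culprit allocation site is isolated and a patch can target it. */
int pinpoint(int layouts[][NSLOTS], int nlayouts, int bad_site, int overflow, int alive[NSITES]) {
    int n = 0, suspect[NSITES];
    for (int i = 0; i < NSITES; i++) alive[i] = 1;
    for (int r = 0; r < nlayouts; r++)
        if (detect_run(layouts[r], bad_site, overflow, suspect))
            for (int i = 0; i < NSITES; i++) alive[i] &= suspect[i];
    for (int i = 0; i < NSITES; i++) n += alive[i];
    return n;
}

/* Three layouts stand in for the allocator placing the same four objects at random
 * in three executions; site 1 overflows by 4 bytes. Exit status 0: site 1 isolated
 * (layout 1 leaves {0,1}, layout 2 narrows to {1}, layout 3 detects nothing). */
int main(void) {
    int layouts[3][NSLOTS] = { {0, 1, FREE, 2, 3, FREE, FREE, FREE},
                               {2, FREE, 1, FREE, 0, 3, FREE, FREE},
                               {1, 0, 2, 3, FREE, FREE, FREE, FREE} }, alive[NSITES];
    return pinpoint(layouts, 3, 1, 4, alive) != 1;
}
```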
Exterminator: automatically correcting memory errors with high probability
Proceedings of the 2007 PLDI conference