
Cruiser: concurrent heap buffer overflow monitoring using lock-free data structures

Published: 04 June 2011

Abstract

Security enforcement inlined into user threads often delays the protected programs; inlined resource reclamation may interrupt program execution and defer resource release. We propose software cruising, a novel technique that migrates security enforcement and resource reclamation from user threads to a concurrent monitor thread. The technique leverages the increasingly popular multicore and multiprocessor architectures and uses lock-free data structures to achieve non-blocking and efficient synchronization between the monitor and user threads. As a case study, software cruising is applied to the heap buffer overflow problem. Previous mitigation and detection techniques for this problem suffer from high performance overhead, legacy code compatibility, semantics loyalty, or tedious manual program transformation. We present a concurrent heap buffer overflow detector, Cruiser, in which a concurrent thread is added to the user program to monitor heap integrity, and custom lock-free data structures and algorithms are designed to achieve high efficiency and scalability. The experiments show that our approach is practical: it imposes an average of 5% performance overhead on SPEC CPU2006, and the throughput slowdown on Apache is negligible on average.
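As an added illustration (not the authors' code) of the scheme the abstract describes: `cruiser_malloc` surrounds each block with canaries and hands its header to the monitor through a single-producer/single-consumer lock-free ring, `cruiser_free` only flags the block, and the monitor's `cruiser_scan` pass checks every live canary and reclaims flagged blocks, so both the check and the release leave the user thread. The header layout, the canary value and all names are assumptions, and the scan pass is called directly here rather than from a separate monitor thread.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdlib.h>
#define RING 64                        /* ring slots (power of two) */
#define CANARY 0xC0FFEE0DDEADBEEFULL   /* constructed canary value for this example */
/* Header before each user buffer; a trailing canary follows the (8-byte rounded) user bytes. */
typedef struct { uint64_t canary; size_t size; _Atomic int freed; } hdr_t;
static uint64_t *tail_canary(hdr_t *h) {
    return (uint64_t *)((char *)(h + 1) + ((h->size + 7) & ~(size_t)7));
}
/* Single-producer (user thread) / single-consumer (monitor) lock-free ring of headers. */
static hdr_t *ring[RING]; static _Atomic size_t prod, cons;
static int ring_push(hdr_t *h) {
    size_t p = atomic_load_explicit(&prod, memory_order_relaxed);
    if (p - atomic_load_explicit(&cons, memory_order_acquire) == RING) return 0;
    ring[p & (RING - 1)] = h;
    atomic_store_explicit(&prod, p + 1, memory_order_release);  /* publish the record */
    return 1;
}
static hdr_t *ring_pop(void) {
    size_t c = atomic_load_explicit(&cons, memory_order_relaxed);
    if (c == atomic_load_explicit(&prod, memory_order_acquire)) return NULL;
    hdr_t *h = ring[c & (RING - 1)];
    atomic_store_explicit(&cons, c + 1, memory_order_release);  /* release the slot */
    return h;
}
/* User-thread side: allocate with canaries and hand the record to the monitor. */
void *cruiser_malloc(size_t n) {
    hdr_t *h = malloc(sizeof *h + ((n + 7) & ~(size_t)7) + sizeof(uint64_t));
    if (!h) return NULL;
    h->canary = CANARY; h->size = n; atomic_init(&h->freed, 0); *tail_canary(h) = CANARY;
    while (!ring_push(h)) { }   /* ring full: wait for the monitor to drain it */
    return h + 1;
}
/* free() only flags the buffer; the monitor verifies it before actually reclaiming it. */
void cruiser_free(void *p) {
    if (p) atomic_store_explicit(&((hdr_t *)p - 1)->freed, 1, memory_order_release);
}
/* Monitor side, one pass of the cruising loop: pull new records, check every live buffer's
   canaries, reclaim flagged ones. Returns the number of corrupted buffers seen this pass. */
static hdr_t *live[1024]; static size_t nlive;
int cruiser_scan(void) {
    int bad = 0; hdr_t *h;
    while (nlive < 1024 && (h = ring_pop()) != NULL) live[nlive++] = h;
    for (size_t i = 0; i < nlive; ) {
        h = live[i];
        if (h->canary != CANARY || *tail_canary(h) != CANARY) bad++;
        if (atomic_load_explicit(&h->freed, memory_order_acquire)) { free(h); live[i] = live[--nlive]; }
        else i++;
    }
    return bad;
}
```

A real monitor thread would loop over `cruiser_scan` continuously and the ring would also carry the monitor's own bookkeeping; the detection logic and the ownership hand-off are what this reduced version shows.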

