Shadow state encoding for efficient monitoring of block-level properties

Published: 18 June 2017

Abstract

Memory shadowing associates addresses from an application's memory with values stored in a disjoint memory space called shadow memory. At runtime, shadow values store metadata about the application memory locations they are mapped to. Shadow state encodings, that is, the structure of shadow values and their interpretation, vary across tools. The encodings used by state-of-the-art monitoring tools have proven useful for tracking memory at byte level, but cannot address properties related to memory block boundaries. Tracking block boundaries is, however, crucial for spatial memory safety analysis, where a spatial violation such as an out-of-bounds access may dereference an allocated location belonging to an adjacent block or to a different struct member.

This paper describes two novel shadow state encodings that capture block-boundary-related properties. These encodings have been implemented in E-ACSL, a runtime verification tool for C programs. Initial experiments, which check the validity of pointer and array accesses in computationally intensive runs of programs selected from the SPEC CPU benchmarks, demonstrate runtime and memory overheads comparable to those of state-of-the-art memory debuggers.
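The distinction the abstract draws between byte-level and block-level shadow metadata, as an added C example that is not code from the paper or from E-ACSL. A toy bump allocator over a fixed arena maintains two shadow arrays: a byte-level addressability shadow (one flag per byte, in the spirit of ASan-style tools) and a simplified block-level shadow (a block id per byte plus a side table of block bounds). The arena layout, the block-id encoding and every function name here are assumptions made for illustration; they are not the paper's two encodings. The scenario is the one the abstract warns about: a read that runs off the end of one block into the adjacent live block passes the byte-level check, because every byte it touches is allocated, but fails the block-level check, because the access leaves the block its pointer was derived from.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative shadow-memory model (added example, not the paper's encodings).
 * A small fixed arena stands in for the application heap; two shadow arrays
 * mirror it byte-for-byte. */
#define ARENA_SIZE 256
#define MAX_BLOCKS 16

static unsigned char arena[ARENA_SIZE];

/* Byte-level shadow: 1 = byte belongs to some live allocation, 0 = not
 * addressable. This is all a byte-granular encoding can say about a byte. */
static unsigned char shadow_addressable[ARENA_SIZE];

/* Block-level shadow (assumed, simplified encoding): each byte records the id
 * of the block it belongs to (0 = no block). A side table maps ids to the
 * block's base offset and length so block boundaries can be recovered. */
static uint8_t shadow_block_id[ARENA_SIZE];
static struct { size_t base, len; } blocks[MAX_BLOCKS];
static uint8_t next_block_id = 1;
static size_t arena_top = 0;

/* Bump allocator standing in for malloc; updates both shadows. */
void *shadow_alloc(size_t len) {
    if (len == 0 || arena_top + len > ARENA_SIZE || next_block_id >= MAX_BLOCKS)
        return NULL;
    uint8_t id = next_block_id++;
    blocks[id].base = arena_top;
    blocks[id].len = len;
    memset(&shadow_addressable[arena_top], 1, len);
    memset(&shadow_block_id[arena_top], id, len);
    void *p = &arena[arena_top];
    arena_top += len;
    return p;
}

/* Integer comparison so pointers outside the arena are handled safely. */
static int in_arena(const void *p, size_t n) {
    uintptr_t lo = (uintptr_t)arena, hi = lo + ARENA_SIZE, a = (uintptr_t)p;
    return a >= lo && a <= hi && n <= hi - a;
}

/* Byte-level check: every accessed byte must be addressable. It cannot tell
 * whether those bytes belong to the block the pointer was derived from. */
int check_bytes(const void *p, size_t n) {
    if (!in_arena(p, n)) return 0;
    size_t off = (const unsigned char *)p - arena;
    for (size_t i = 0; i < n; i++)
        if (!shadow_addressable[off + i]) return 0;
    return 1;
}

/* Block-level check: [p, p+n) must lie entirely inside the block that `base`
 * (the pointer the access was derived from) points into. */
int check_block(const void *base, const void *p, size_t n) {
    if (!in_arena(base, 1) || !in_arena(p, n)) return 0;
    size_t boff = (const unsigned char *)base - arena;
    uint8_t id = shadow_block_id[boff];
    if (id == 0) return 0;
    size_t off = (const unsigned char *)p - arena;
    size_t start = blocks[id].base, end = start + blocks[id].len;
    return off >= start && off + n <= end;
}

/* Scenario from the abstract: an out-of-bounds read that lands in an adjacent
 * live block. Returns 1 when the byte-level check accepts the access while
 * the block-level check rejects it. */
int adjacent_block_overflow_demo(void) {
    unsigned char *a = shadow_alloc(8);
    unsigned char *b = shadow_alloc(8);     /* placed directly after a */
    if (!a || !b) return -1;
    unsigned char *oob = a + 8;             /* one past the end of a == start of b */
    int byte_ok  = check_bytes(oob, 4);     /* 1: the bytes are allocated (they are b's) */
    int block_ok = check_block(a, oob, 4);  /* 0: the access leaves a's block */
    return byte_ok == 1 && block_ok == 0;
}

/* Sanity case: an access that stays inside its block passes both checks, and
 * one that runs past the last live block fails both. */
int in_bounds_demo(void) {
    unsigned char *a = shadow_alloc(16);
    if (!a) return -1;
    int inside = check_bytes(a + 4, 8) && check_block(a, a + 4, 8);
    int past   = !check_bytes(a + 12, 8) && !check_block(a, a + 12, 8);
    return inside && past;
}

int main(void) {
    printf("adjacent-block overflow caught only by block-level check: %d\n",
           adjacent_block_overflow_demo());
    printf("in-bounds access accepted, past-the-end rejected, by both: %d\n",
           in_bounds_demo());
    return 0;
}
```

The block-level check needs a second input the byte-level check does not: the base pointer the access was derived from. That is exactly the information a monitor must carry (through pointer arithmetic, casts and function calls) to enforce spatial safety, and it is why the encoding of the shadow state, not just its granularity, matters. The same argument applies to the struct-member case the abstract mentions, but this toy encoding records only allocation-block boundaries and would not catch an overflow from one member into the next within a single block.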


Published in

ACM SIGPLAN Notices, Volume 52, Issue 9 (ISMM '17), September 2017, 127 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/3156685

ISMM 2017: Proceedings of the 2017 ACM SIGPLAN International Symposium on Memory Management, June 2017, 127 pages
ISBN: 9781450350440
DOI: 10.1145/3092255

Copyright © 2017 ACM

Publisher

Association for Computing Machinery, New York, NY, United States
