System programming languages such as C and C++ are designed to give the
programmer full control over the underlying hardware. However, this freedom comes
at the cost of type and memory safety violations which may allow an attacker to
compromise applications.
In particular, type safety violation, also known as type confusion, is one of the
major attack vectors to corrupt modern C++ applications. In the past years, several
type confusion detectors have been proposed, but they are severely limited by high
performance overhead, low detection coverage, and high false positive rates. To address these issues, we propose HexType and V-Type. First, we propose HexType, a
tool that provides low-overhead disjoint metadata structures, compiler optimizations,
and handles specific object allocation patterns. Thus, compared to prior work, HexType significantly improves detection coverage and reduces performance overhead. In
addition, HexType discovers new type confusion bugs in real world programs such as
Qt and Apache Xerces-C++. However, HexType still has considerable overhead from
managing the disjoint metadata structure and tracking individual objects, and has
false positives from imprecise object tracking, although HexType significantly reduces
performance overhead and detection coverage. To address these issues, we propose a
further advanced mechanism V-Type, which forcibly changes non-polymorphic types
into polymorphic types to make sure all objects maintain type information. By doing
this, V-Type removes the burden of tracking object allocation and deallocation and
of managing a disjoint metadata structure, which reduces performance overhead and
improves detection precision. Another major attack vector is memory safety violations, which attackers can take
advantage of by accessing out of bound or deleted memory. For memory safety violation detection, combining a fuzzer with sanitizers is a popular and effective approach.
However, we find that heavy metadata structure of current sanitizers hinders fuzzing
effectiveness. Thus, we introduce FuZZan to optimize sanitizer metadata structures
for fuzzing. Consequently, FuZZan improves fuzzing throughput, and this helps the
tester to discover more unique paths given the same amount of time and to find bugs
faster.
In conclusion, my research aims to eliminate critical and common C/C++ memory
and type safety violations through practical programming analysis techniques. For
this goal, through these three projects, I contribute to our community to effectively
detect type and memory safety violations.
| Identifer | oai:union.ndltd.org:purdue.edu/oai:figshare.com:article/12889415 |
| Date | 29 August 2020 |
| Creators | Yuseok Jeon (9217391) |
| Source Sets | Purdue University |
| Detected Language | English |
| Type | Text, Thesis |
| Relation | https://figshare.com/articles/thesis/Practical_Type_and_Memory_Safety_Violation_Detection_Mechanisms/12889415 |
Page generated in 0.0025 seconds