Younan, Yves, Philippaerts, Pieter, Cavallaro, Lorenzo, Sekar, R., Piessens, Frank and Joosen, Wouter (2010) PAriCheck: an efficient pointer arithmetic checker for C programs In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. ACM.
Full text access: Open
Buffer overflows are still a significant problem in programs written in C and C++. In this paper we present a bounds checker, called PAriCheck, that inserts dynamic runtime checks to ensure that attackers are not able to abuse buffer overflow vulnerabilities. The main approach is based on checking pointer arithmetic rather than pointer dereferences when performing bounds checks. The checks are performed by assigning a unique label to each object and ensuring that the label is associated with each memory location that the object inhabits. Whenever pointer arithmetic occurs, the label of the base location is compared to the label of the resulting arithmetic. If the labels differ, an out-of-bounds calculation has occurred. Benchmarks show that PAriCheck has a very low performance overhead compared to similar bounds checkers. This paper demonstrates that using bounds checkers for programs or parts of programs running on high-security production systems is a realistic possibility.
This is a Submitted version This version's date is: 13/4/2010 This item is not peer reviewed
https://repository.royalholloway.ac.uk/items/419deb35-1e2a-da88-5bf4-5e03fa01f61f/1/
Deposited by Research Information System (atira) on 31-May-2012 in Royal Holloway Research Online.Last modified on 31-May-2012