Abstract
The wide use of separate compilation and precompiled libraries among programmers poses a challenge to source-code based security and analysis tools such as CCured. These tools must understand enough of the behavior of precompiled libraries that they can prevent any unsafe use of the library. The situation is even more complicated for instrumentation tools that change the layout of data to accommodate array bounds or other metadata that is necessary for safety checking.
This paper describes the solution we use with CCured: a system of context-sensitive wrapper functions. These wrappers check that library functions are invoked on valid arguments, and also maintain the extra runtime invariants imposed by CCured. We describe the design of these wrappers and our experiences using them, including the case where complex data structures are passed to or from the library.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Condit, J., Harren, M., McPeak, S., Necula, G.C., Weimer, W.: CCured in the real world. In: Proceedings of the ACM SIGPLAN 2003 conference on Programming Language Design and Implementation, pp. 232–244. ACM Press, New York (2003)
Newsham, T.: Format string attacks (2000), http://www.lava.net/~newsham/format-string-attacks.pdf
Vo, K.P., Wang, Y.M., Chung, P.E., Huang, Y.: Xept: a software instrumentation method for exception handling, 60–69 (1997)
Baratloo, A., Singh, N., Tsai, T.: Transparent run-time defense against stack smashing attacks. In: Proceedings of the USENIX Annual Technical Conference (2000)
Fetzer, C., Xiao, Z.: An automated approach to increasing the robustness of C libraries. In: Proceedings of the 2002 International Conference on Dependable Systems and Networks, pp. 155–166. IEEE Computer Society Press, Los Alamitos (2002)
Fetzer, C., Xiao, Z.: Detecting heap smashing attacks through fault containment wrappers. In: Proceedings of the 20th IEEE Symposium on Reliable Distributed Systems (2001)
Suenaga, K., Oiwa, Y., Sumii, E., Yonezawa, A.: The Interface Definition Language for Fail-Safe C. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, pp. 192–208. Springer, Heidelberg (2004)
Tilevich, E., Smaragdakis, Y.: NRMI: Natural and efficient middleware. In: Proceedings of the 23rd International Conference on Distributed Computing Systems, p. 252. IEEE Computer Society Press, Los Alamitos (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Harren, M., Necula, G.C. (2004). Lightweight Wrappers for Interfacing with Binary Code in CCured. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds) Software Security - Theories and Systems. ISSS 2003. Lecture Notes in Computer Science, vol 3233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-37621-7_11
Download citation
DOI: https://doi.org/10.1007/978-3-540-37621-7_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23635-1
Online ISBN: 978-3-540-37621-7
eBook Packages: Springer Book Archive