Software Security - Theories and Systems pp 209-225
Lightweight Wrappers for Interfacing with Binary Code in CCured
- Cite this paper as:
- Harren M., Necula G.C. (2004) Lightweight Wrappers for Interfacing with Binary Code in CCured. In: Futatsugi K., Mizoguchi F., Yonezaki N. (eds) Software Security - Theories and Systems. Lecture Notes in Computer Science, vol 3233. Springer, Berlin, Heidelberg
The wide use of separate compilation and precompiled libraries among programmers poses a challenge to source-code based security and analysis tools such as CCured. These tools must understand enough of the behavior of precompiled libraries that they can prevent any unsafe use of the library. The situation is even more complicated for instrumentation tools that change the layout of data to accommodate array bounds or other metadata that is necessary for safety checking.
This paper describes the solution we use with CCured: a system of context-sensitive wrapper functions. These wrappers check that library functions are invoked on valid arguments, and also maintain the extra runtime invariants imposed by CCured. We describe the design of these wrappers and our experiences using them, including the case where complex data structures are passed to or from the library.
Unable to display preview. Download preview PDF.