Context-Aware Failure-Oblivious Computing as a Means of Preventing Buffer Overflows

  • Manuel Rigger
  • Daniel Pekarek
  • Hanspeter Mössenböck
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11058)


In languages like C, buffer overflows are widespread. A common mitigation technique is to use tools that detect them during execution and abort the program to prevent data leakage or the diversion of control flow. However, for server applications, it would be desirable to prevent such errors while maintaining availability of the system. To this end, we present an approach to handling buffer overflows without aborting the program. This approach involves implementing a recovery logic in library functions based on an introspection function that allows querying the size of a buffer. We demonstrate that introspection can be implemented in popular bug-finding and bug-mitigation tools such as LLVM’s AddressSanitizer, SoftBound, and Intel-MPX-based bounds checking. We evaluated our approach in a case study of real-world bugs and show that for tools that explicitly track bounds data, introspection results in a low performance overhead.


Memory safety Reliability Dependability Availability Fault tolerance 


  1. 1.
    Akritidis, P., Costa, M., Castro, M., Hand, S.: Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors. In: Proceedings of the 18th Conference on USENIX Security Symposium, SSYM 2009, pp. 51–66. USENIX Association, Berkeley, CA, USA (2009)Google Scholar
  2. 2.
    Baratloo, A., Singh, N., Tsai, T.: Libsafe: protecting critical elements of stacks. White Paper (1999).
  3. 3.
    Bruening, D., Zhao, Q.: Practical memory checking with Dr. memory. In: Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization, CGO 2011, pp. 213–223. IEEE Computer Society, Washington, DC, USA (2011)Google Scholar
  4. 4.
    Brunink, M., Susskraut, M., Fetzer, C.: Boundless memory allocations for memory safety and high availability. In: Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems & Networks, DSN 2011, pp. 13–24. IEEE Computer Society, Washington, DC, USA (2011).
  5. 5.
    Cowan, C., Wagle, P., Pu, C., Beattie, S., Walpole, J.: Buffer overflows: attacks and defenses for the vulnerability of the decade. In: Proceedings of the DARPA Information Survivability Conference and Exposition, DISCEX 2000, vol. 2, pp. 119–129. IEEE (2000)Google Scholar
  6. 6.
    Duck, G.J., Yap, R.H.C.: Heap bounds protection with low fat pointers. In: Proceedings of the 25th International Conference on Compiler Construction, CC 2016, pp. 132–142. ACM, New York, NY, USA (2016).
  7. 7.
    Duck, G.J., Yap, R.H.C.: EffectiveSan: type and memory error detection using dynamically typed C/C++. In: Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2018, pp. 181–195. ACM, New York (2018).
  8. 8.
    Duck, G.J., Yap, R.H., Cavallaro, L.: Stack bounds protection with low fat pointers. In: Symposium on Network and Distributed System Security (2017)Google Scholar
  9. 9.
    Durieux, T., Hamadi, Y., Yu, Z., Baudry, B., Monperrus, M.: Exhaustive exploration of the failure-oblivious computing search space. In: Proceedings of the International Conference on Software Testing and Verification (ICST), ICST 2018, April 2018 (2018)Google Scholar
  10. 10.
    Kell, S.: Towards a dynamic object model within unix processes. In: 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!), Onward! 2015, pp. 224–239. ACM, New York (2015).
  11. 11.
    Kell, S.: Dynamically diagnosing type errors in unsafe code. In: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2016, pp. 800–819. ACM, New York (2016).
  12. 12.
    Kuvaiskii, D., et al.: SGXBOUNDS: memory safety for shielded execution. In: Proceedings of the Twelfth European Conference on Computer Systems. EuroSys 2017, pp. 205–221. ACM, New York (2017).
  13. 13.
    Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis transformation. In: CGO 2004, pp. 75–86 (2004)Google Scholar
  14. 14.
    Long, F., Sidiroglou-Douskos, S., Rinard, M.: Automatic runtime error repair and containment via recovery shepherding. In: Proceedings of the 35th ACMSIGPLAN Conference on Programming Language Design and Implementation, PLDI 2014, pp. 227–238. ACM, New York (2014).
  15. 15.
    Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: Softbound: Highly compatible and complete spatial memory safety for C. In: Proceedings of the30th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2009, pp. 245–258. ACM, New York (2009).
  16. 16.
    Nagarakatte, S., Zhao, J., Martin, M.M., Zdancewic, S.: CETS: compiler enforced temporal safety for C, pp. 31–40 (2010).
  17. 17.
    Nethercote, N., Seward, J.: How to shadow every byte of memory used by a program. In: Proceedings of the 3rd International Conference on Virtual Execution Environments, VEE 2007, pp. 65–74. ACM, New York (2007).
  18. 18.
    Nethercote, N., Seward, J.: Valgrind: a framework for heavyweight dynamic binary instrumentation. In: Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2007, pp. 89–100. ACM, New York (2007).
  19. 19.
    Oleksenko, O., Kuvaiskii, D., Bhatotia, P., Felber, P., Fetzer, C.: Intel MPX explained: a cross-layer analysis of the intel MPX system stack. Proc. ACM Meas. Anal. Comput. Syst. 2(2), 28:1–28:30 (2018). Scholar
  20. 20.
    Rigger, M., Grimmer, M., Wimmer, C., Würthinger, T., Mössenböck, H.: Bringing low-level languages to the JVM: efficient execution of LLVM IR on truffle. In: Proceedings of the 8th International Workshop on Virtual Machines and Intermediate Languages, VMIL 2016, pp. 6–15. ACM, New York (2016).
  21. 21.
    Rigger, M., Schatz, R., Grimmer, M., Mössenböck, H.: Lenient execution of c on a java virtual machine: Or: How i learned to stop worrying and run the code. In: Proceedings of the 14th International Conference on Managed Languages and Runtimes, ManLang 2017, pp. 35–47. ACM, New York (2017).
  22. 22.
    Rigger, M., Schatz, R., Mayrhofer, R., Grimmer, M., Mössenböck, H.: Sulong, and thanks for all the bugs: finding errors in C programs by abstracting from the native execution model. In: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018.
  23. 23.
    Rigger, M., Schatz, R., Mayrhofer, R., Grimmer, M., Mössenböck, H.: Introspection for C and its applications to library robustness. Art Sci. Eng. Program. (2) (2018).
  24. 24.
    Rinard, M.: Acceptability-oriented computing. In: Companion of the 18th Annual ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications, OOPSLA 2003, pp. 221–239. ACM, New York (2003).
  25. 25.
    Rinard, M., Cadar, C., Dumitran, D., Roy, D.M., Leu, T., Beebee, Jr., W.S.: Enhancing server availability and security through failure-oblivious computing. In: Proceedings of the 6th Conference on Symposium on Opearting Systems Design & Implementation, OSDI 2004, vol. 6, p. 21. USENIX Association, Berkeley (2004)Google Scholar
  26. 26.
    Rinard, M.C.: Failure-oblivious computing and boundless memory blocks, Technical report (2005)Google Scholar
  27. 27.
    Serebryany, K., Bruening, D., Potapenko, A., Vyukov, D.: AddressSanitizer: a fast address sanity checker. In: USENIX Annual Technical Conference, pp. 309–318 (2012)Google Scholar
  28. 28.
    Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 552–561. ACM, New York (2007).
  29. 29.
    Sidiroglou, S., Locasto, M.E., Boyd, S.W., Keromytis, A.D.: Building a reactive immune system for software services. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC 2005, p. 11. USENIX Association, Berkeley (2005)Google Scholar
  30. 30.
    Song, D., et al.: Sok: sanitizing for security. In: IEEE Symposium on Security and Privacy (S&P 2019) (2019, to Appear). AcceptedGoogle Scholar
  31. 31.
    Strackx, R., Younan, Y., Philippaerts, P., Piessens, F., Lachmund, S., Walter, T.: Breaking the memory secrecy assumption. In: Proceedings of the Second European Workshop on System Security, EUROSEC 2009, pp. 1–8. ACM, New York (2009).
  32. 32.
    Szekeres, L., Payer, M., Wei, T., Song, D.: Sok: eternal war in memory. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP 2013, pp. 48–62. IEEE Computer Society, Washington, DC (2013).
  33. 33.
    The MITRE Corporation: Common vulnerabilities and exposures.
  34. 34.
    van der Veen, V., dutt-Sharma, N., Cavallaro, L., Bos, H.: Memory errors: the past, the present, and the future. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol. 7462, pp. 86–106. Springer, Heidelberg (2012). Scholar
  35. 35.
    Watson, R.N.M., et al.: Cheri: a hybrid capability-system architecture for scalable software compartmentalization. In: 2015 IEEE Symposium on Security and Privacy, pp. 20–37, May 2015.
  36. 36.
    Younan, Y., Joosen, W., Piessens, F.: Runtime countermeasures for code injection attacks against C and C++ programs. ACM Comput. Surv. 44(3), 17:1–17:28 (2012). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Manuel Rigger
    • 1
  • Daniel Pekarek
    • 1
  • Hanspeter Mössenböck
    • 1
  1. 1.Johannes Kepler University LinzLinzAustria

Personalised recommendations