Abstract
Sanitizers can detect security vulnerabilities in C/C++ code that elude static analysis. Current practice is to continuously fuzz and sanitize internal pre-release builds. Sanitization-enabled builds are rarely released publicly. This is in large part due to the high memory and processing requirements of sanitizers.
We present PartiSan, a run-time partitioning technique that speeds up sanitizers and allows them to be used in a more flexible manner. Our core idea is to partition the execution into sanitized slices that incur a run-time overhead, and “unsanitized” slices running at full speed. With PartiSan, sanitization is no longer an all-or-nothing proposition. A single build can be distributed to every user regardless of their willingness to enable sanitization and the capabilities of their host system. PartiSan enables application developers to define their own sanitization policies. Such policies can automatically adjust the amount of sanitization to fit within a performance budget or disable sanitization if the host lacks sufficient resources. The flexibility afforded by run-time partitioning also means that we can alternate between different types of sanitizers dynamically; today, developers have to pick a single type of sanitizer ahead of time. Finally, we show that run-time partitioning can speed up fuzzing by running the sanitized partition only when the fuzzer discovers an input that causes a crash or uncovers new execution paths.
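As an added illustration of run-time partitioning (not code from the PartiSan paper or its artifact), the C below assumes a function-cloning design: each function exists as a checked clone standing in for a sanitized build and an unchecked clone, and a small policy object decides per call which clone runs, honoring a performance budget, a switch that disables sanitization when the host lacks resources, and a fuzzer-driven override. The struct layout, function names and the budget rule are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed policy object; field names and the budget rule are assumptions. */
typedef struct {
    unsigned budget_percent;  /* share of calls allowed to run sanitized; 0 = off */
    int force_sanitized;      /* set by a fuzzer on a crash or new coverage */
    unsigned calls, sanitized;
    int violations;           /* bugs caught in sanitized slices */
} partisan_policy;

/* Unsanitized clone: the fast slice, no checks at all. An oversized n here
   would corrupt memory undetected, which is exactly the trade-off being made. */
static void copy_fast(uint8_t *dst, const uint8_t *src, size_t n) {
    memcpy(dst, src, n);
}

/* Sanitized clone: same semantics plus a bounds check standing in for ASan.
   Returns -1 instead of aborting so the outcome can be observed. */
static int copy_checked(uint8_t *dst, size_t dst_cap, const uint8_t *src, size_t n) {
    if (n > dst_cap) return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Policy: run the sanitized clone while its running share of calls is under
   budget, always when a fuzzer requests it, never when the budget is zero. */
static int policy_choose_sanitized(partisan_policy *p) {
    p->calls++;
    if (p->force_sanitized) { p->sanitized++; return 1; }
    if (p->budget_percent == 0) return 0;
    if (p->sanitized * 100 < p->calls * p->budget_percent) { p->sanitized++; return 1; }
    return 0;
}

/* Dispatcher at the call site: 1 = ran sanitized, 0 = ran fast, -1 = bug caught. */
int partisan_copy(partisan_policy *p, uint8_t *dst, size_t dst_cap,
                  const uint8_t *src, size_t n) {
    if (policy_choose_sanitized(p)) {
        if (copy_checked(dst, dst_cap, src, n) < 0) { p->violations++; return -1; }
        return 1;
    }
    copy_fast(dst, src, n);
    return 0;
}
```

With a 50% budget the policy alternates clones (first call sanitized, second fast), so the chance that a given bug lands in a sanitized slice scales with the budget rather than being all or nothing.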
Notes
1. PartiSan is available upon request. Please contact the authors for a copy of the research artifacts.
2. Note that ASan requires metadata to execute checks. The maintenance of this metadata constitutes residual overhead which cannot be removed.
Acknowledgement
We would like to thank Jonas Wagner for his advice and pointing out useful previous work. We also would like to thank the anonymous reviewers for their valuable feedback.
This material is based upon work partially supported by the Defense Advanced Research Projects Agency (DARPA) under contracts FA8750-15-C-0124 and FA8750-15-C-0085, by the United States Office of Naval Research (ONR) under contract N00014-17-1-2782, and by the National Science Foundation under awards CNS-1619211 and CNS-1513837.
Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the Defense Advanced Research Projects Agency (DARPA) or its Contracting Agents, the Office of Naval Research or its Contracting Agents, the National Science Foundation, or any other agency of the U.S. Government.
The authors also gratefully acknowledge a gift from Oracle Corporation.
© 2018 Springer Nature Switzerland AG
Cite this paper
Lettner, J., Song, D., Park, T., Larsen, P., Volckaert, S., Franz, M. (2018). PartiSan: Fast and Flexible Sanitization via Run-Time Partitioning. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2018. Lecture Notes in Computer Science, vol 11050. Springer, Cham. https://doi.org/10.1007/978-3-030-00470-5_19
DOI: https://doi.org/10.1007/978-3-030-00470-5_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00469-9
Online ISBN: 978-3-030-00470-5
eBook Packages: Computer Science, Computer Science (R0)