Lightweight Wrappers for Interfacing with Binary Code in CCured

  • Matthew Harren
  • George C. Necula
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3233)

Abstract

The wide use of separate compilation and precompiled libraries among programmers poses a challenge to source-code based security and analysis tools such as CCured. These tools must understand enough of the behavior of precompiled libraries that they can prevent any unsafe use of the library. The situation is even more complicated for instrumentation tools that change the layout of data to accommodate array bounds or other metadata that is necessary for safety checking.

This paper describes the solution we use with CCured: a system of context-sensitive wrapper functions. These wrappers check that library functions are invoked on valid arguments, and also maintain the extra runtime invariants imposed by CCured. We describe the design of these wrappers and our experiences using them, including the case where complex data structures are passed to or from the library.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Condit, J., Harren, M., McPeak, S., Necula, G.C., Weimer, W.: CCured in the real world. In: Proceedings of the ACM SIGPLAN 2003 conference on Programming Language Design and Implementation, pp. 232–244. ACM Press, New York (2003)CrossRefGoogle Scholar
  2. 2.
    Newsham, T.: Format string attacks (2000), http://www.lava.net/~newsham/format-string-attacks.pdf
  3. 3.
    Vo, K.P., Wang, Y.M., Chung, P.E., Huang, Y.: Xept: a software instrumentation method for exception handling, 60–69 (1997)Google Scholar
  4. 4.
    Baratloo, A., Singh, N., Tsai, T.: Transparent run-time defense against stack smashing attacks. In: Proceedings of the USENIX Annual Technical Conference (2000)Google Scholar
  5. 5.
    Fetzer, C., Xiao, Z.: An automated approach to increasing the robustness of C libraries. In: Proceedings of the 2002 International Conference on Dependable Systems and Networks, pp. 155–166. IEEE Computer Society Press, Los Alamitos (2002)CrossRefGoogle Scholar
  6. 6.
    Fetzer, C., Xiao, Z.: Detecting heap smashing attacks through fault containment wrappers. In: Proceedings of the 20th IEEE Symposium on Reliable Distributed Systems (2001)Google Scholar
  7. 7.
    Suenaga, K., Oiwa, Y., Sumii, E., Yonezawa, A.: The Interface Definition Language for Fail-Safe C. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, pp. 192–208. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Tilevich, E., Smaragdakis, Y.: NRMI: Natural and efficient middleware. In: Proceedings of the 23rd International Conference on Distributed Computing Systems, p. 252. IEEE Computer Society Press, Los Alamitos (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Matthew Harren
    • 1
  • George C. Necula
    • 1
  1. 1.Computer Science DivisionUniversity of California, BerkeleyBerkeleyUSA

Personalised recommendations