CCured in the real world

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

CCured in the real world

Full text

Pdf (263 KB)

Source

Conference on Programming Language Design and Implementation archive
Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation table of contents

San Diego, California, USA

SESSION: Validation table of contents

Pages: 232 - 244

Year of Publication: 2003

ISBN:1-58113-662-5

Also published in ...

Authors

Jeremy Condit	University of California, Berkeley
Matthew Harren	University of California, Berkeley
Scott McPeak	University of California, Berkeley
George C. Necula	University of California, Berkeley
Westley Weimer	University of California, Berkeley

Sponsors

ACM: Association for Computing Machinery
SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): n/a, Downloads (12 Months): n/a, Citation Count: 35

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/781131.781157 What is a DOI?

ABSTRACT

CCured is a program transformation system that adds memory safety guarantees to C programs by verifying statically that memory errors cannot occur and by inserting run-time checks where static verification is insufficient.This paper addresses major usability issues in a previous version of CCured, in which many type casts required the use of pointers whose representation was expensive and incompatible with precompiled libraries. We have extended the CCured type inference algorithm to recognize and verify statically a large number of type casts; this goal is achieved by using physical subtyping and pointers with run-time type information to allow parametric and subtype polymorphism. In addition, we present a new instrumentation scheme that splits CCured's metadata into a separate data structure whose shape mirrors that of the original user data. This scheme allows instrumented programs to invoke external functions directly on the program's data without the use of a wrapper function.With these extensions we were able to use CCured on real-world security-critical network daemons and to produce instrumented versions without memory-safety vulnerabilities.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Martín Abadi , Luca Cardelli , Benjamin Pierce , Gordon Plotkin, Dynamic typing in a statically typed language, ACM Transactions on Programming Languages and Systems (TOPLAS), v.13 n.2, p.237-268, April 1991 [doi>10.1145/103135.103138]
	2	Todd M. Austin , Scott E. Breach , Gurindar S. Sohi, Efficient detection of all pointer and array access errors, ACM SIGPLAN Notices, v.29 n.6, p.290-301, June 1994
	3	Martin Christopher Carlisle, Olden: parallelizing programs with dynamic data structures on distributed-memory machines, Princeton University, Princeton, NJ, 1996
	4	Robert Cartwright , Mike Fagan, Soft typing, Proceedings of the ACM SIGPLAN 1991 conference on Programming language design and implementation, p.278-292, June 24-28, 1991, Toronto, Ontario, Canada
	5	CERT Coordination Center. Cert advisory ca-2003-12: Buffer overflow in sendmail. http://www.cert.org/advisories/CA-2003-12.html, 2003.
	6	Satish Chandra , Thomas Reps, Physical type checking for C, Proceedings of the 1999 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.66-75, September 06-06, 1999, Toulouse, France
	7	Jeffrey S. Foster , Manuel Fähndrich , Alexander Aiken, A theory of type qualifiers, Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation, p.192-203, May 01-04, 1999, Atlanta, Georgia, United States
	8	R. Hastings and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Proceedings of the Usenix Winter 1992 Technical Conference, pages 125--138, Berkeley, CA, USA, Jan. 1991. Usenix Association.
	9	Fritz Henglein, Global tagging optimization by type inference, Proceedings of the 1992 ACM conference on LISP and functional programming, p.205-215, June 22-24, 1992, San Francisco, California, United States
	10	Trevor Jim , J. Greg Morrisett , Dan Grossman , Michael W. Hicks , James Cheney , Yanling Wang, Cyclone: A Safe Dialect of C, Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.275-288, June 10-15, 2002
	11	R. W. M. Jones and P. H. J. Kelly. Backwards-compatible bounds checking for arrays and pointers in C programs. AADEBUG, 1997.
	12	S. Kaufer, R. Lopez, and S. Pratap. Saber-C: an interpreter-based programming environment for the C language. In Proceedings of the Summer Usenix Conference, pages 161--171, 1988.
	13	Andreas Kind , Horst Friedrich, A practical approach to type inference for EuLisp, Lisp and Symbolic Computation, v.6 n.1-2, p.159-176, Aug. 1993 [doi>10.1007/BF01025919]
	14	Alexey Loginov , Suan Hsi Yong , Susan Horwitz , Thomas W. Reps, Debugging via Run-Time Type Checking, Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering, p.217-232, April 02-06, 2001
	15	George C. Necula , Scott McPeak , Westley Weimer, CCured: type-safe retrofitting of legacy code, Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.128-139, January 16-18, 2002, Portland, Oregon
	16	H. Patil and C. N. Fischer. Efficient run-time monitoring using shadow processing. In Automated and Algorithmic Debugging, pages 119--132, 1995.
	17	Harish Patil , Charles Fischer, Low-cost, concurrent checking of pointer and array accesses in C programs, Software—Practice & Experience, v.27 n.1, p.87-110, Jan. 1997 [doi>10.1002/(SICI)1097-024X(199701)27:1<87::AID-SPE78>3.0.CO;2-P]
	18	G. Ramalingam , John Field , Frank Tip, Aggregate structure identification and its application to program analysis, Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.119-132, January 20-22, 1999, San Antonio, Texas, United States [doi>10.1145/292540.292553]
	19	SecuriTeam.com. PHP3 / PHP4 format string vulnerability.
	20	J. Seward. Valgrind, an open-source memory debugger for x86-GNU/Linux. Technical report, http://developer.kde.org/~sewardj/, 2003.
	21	Mark Shields , Tim Sheard , Simon Peyton Jones, Dynamic typing as staged type inference, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.289-302, January 19-21, 1998, San Diego, California, United States [doi>10.1145/268946.268970]
	22	Michael Siff , Satish Chandra , Thomas Ball , Krishna Kunchithapadam , Thomas Reps, Coping with type casts in C, Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering, p.180-198, September 06-10, 1999, Toulouse, France
	23	Geoffrey Smith , Dennis Volpano, A sound polymorphic type system for a dialect of C, Science of Computer Programming, v.32 n.1-3, p.49-72, Sept. 1998 [doi>10.1016/S0167-6423(97)00030-0]
	24	SPEC 95. Standard Performance Evaluation Corportation Benchmarks. http://www.spec.org/osg/cpu95/CINT95, July 1995.
	25	Satish Thatte, Quasi-static typing, Proceedings of the 17th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.367-381, December 1989, San Francisco, California, United States [doi>10.1145/96709.96747]
	26	D. Wagner, J. Foster, E. Brewer, and A. Aiken. A first step toward automated detection of buffer overrun vulnerabilities. In Network Distributed Systems Security Symposium, pages 1--15, Feb. 2000.
	27	W. Weimer. The CCured type system and type inference. Technical Report UCB-CS, University of California, Berkeley. http://www.cs.berkeley.edu/~weimer/ TheCCuredTypeSystem.ps, 2002.
	28	Andrew K. Wright , Robert Cartwright, A practical soft type system for scheme, ACM Transactions on Programming Languages and Systems (TOPLAS), v.19 n.1, p.87-152, Jan. 1997 [doi>10.1145/239912.239917]

CITED BY 36

	Suan Hsi Yong , Susan Horwitz, Protecting C programs from attacks via invalid pointer dereferences, ACM SIGSOFT Software Engineering Notes, v.28 n.5, September 2003
	Emmett Witchel , Junghwan Rhee , Krste Asanović, Mondrix: memory isolation for linux using mondriaan memory protection, ACM SIGOPS Operating Systems Review, v.39 n.5, December 2005
	Divya Arora , Anand Raghunathan , Srivaths Ravi , Niraj K. Jha, Architectural support for safe software execution on embedded processors, Proceedings of the 4th international conference on Hardware/software codesign and system synthesis, October 22-25, 2006, Seoul, Korea
	Pin Zhou , Feng Qin , Wei Liu , Yuanyuan Zhou , Josep Torrellas, iWatcher: Simple, General Architectural Support for Software Debugging, IEEE Micro, v.24 n.6, p.50-56, November 2004
	Wei Xu , Daniel C. DuVarney , R. Sekar, An efficient and backwards-compatible transformation to ensure memory safety of C programs, ACM SIGSOFT Software Engineering Notes, v.29 n.6, November 2004
	Yuanyuan Zhou , Pin Zhou , Feng Qin , Wei Liu , Josep Torrellas, Efficient and flexible architectural support for dynamic monitoring, ACM Transactions on Architecture and Code Optimization (TACO), v.2 n.1, p.3-33, March 2005
	Michael M. Swift , Brian N. Bershad , Henry M. Levy, Improving the reliability of commodity operating systems, ACM Transactions on Computer Systems (TOCS), v.23 n.1, p.77-110, February 2005
	Dinakar Dhurjati , Sumant Kowshik , Vikram Adve , Chris Lattner, Memory safety without garbage collection for embedded applications, ACM Transactions on Embedded Computing Systems (TECS), v.4 n.1, p.73-111, February 2005
	Misha Zitser , Richard Lippmann , Tim Leek, Testing static analysis tools using exploitable buffer overflows from open source code, ACM SIGSOFT Software Engineering Notes, v.29 n.6, November 2004
	Andrew Ayers , Richard Schooler , Chris Metcalf , Anant Agarwal , Junghwan Rhee , Emmett Witchel, TraceBack: first fault diagnosis by reconstruction of distributed control flow, ACM SIGPLAN Notices, v.40 n.6, June 2005
	George C. Necula , Jeremy Condit , Matthew Harren , Scott McPeak , Westley Weimer, CCured: type-safe retrofitting of legacy software, ACM Transactions on Programming Languages and Systems (TOPLAS), v.27 n.3, p.477-526, May 2005
	Michael F. Ringenburg , Dan Grossman, Preventing format-string attacks via automatic and efficient dynamic checking, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Feng Qin , Joseph Tucek , Jagadeesan Sundaresan , Yuanyuan Zhou, Rx: treating bugs as allergies---a safe method to survive software failures, ACM SIGOPS Operating Systems Review, v.39 n.5, December 2005
	Christopher Barton , Peng Zhao , Robert Niewiadomski , José Nelson Amaral, Identifying opportunities for automatic remote field cloning, Proceedings of the 2004 conference of the Centre for Advanced Studies on Collaborative research, p.124-134, October 04-07, 2004, Markham, Ontario, Canada
	Matthew Simpson , Bhuvan Middha , Rajeev Barua, Segment protection for embedded systems using run-time checks, Proceedings of the 2005 international conference on Compilers, architectures and synthesis for embedded systems, September 24-27, 2005, San Francisco, California, USA
	Dan Grossman, Quantified types in an imperative language, ACM Transactions on Programming Languages and Systems (TOPLAS), v.28 n.3, p.429-475, May 2006
	Vinod Ganapathy , Somesh Jha , David Chandler , David Melski , David Vitek, Buffer overrun detection using linear programming and static analysis, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
	Pin Zhou , Wei Liu , Long Fei , Shan Lu , Feng Qin , Yuanyuan Zhou , Samuel Midkiff , Josep Torrellas, AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-Based Invariants, Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, p.269-280, December 04-08, 2004, Portland, Oregon
	Brian Hackett , Manuvir Das , Daniel Wang , Zhe Yang, Modular checking for buffer overflows in the large, Proceeding of the 28th international conference on Software engineering, May 20-28, 2006, Shanghai, China
	Long Fei , Samuel P. Midkiff, Artemis: practical runtime monitoring of applications for execution anomalies, ACM SIGPLAN Notices, v.41 n.6, June 2006
	Hiroshi Unno , Naoki Kobayashi , Akinori Yonezawa, Combining type-based analysis and model checking for finding counterexamples against non-interference, Proceedings of the 2006 workshop on Programming languages and analysis for security, June 10-10, 2006, Ottawa, Ontario, Canada
	Eric Brewer , Jeremy Condit , Bill McCloskey , Feng Zhou, Thirty years is long enough: getting beyond C, Proceedings of the 10th conference on Hot Topics in Operating Systems, p.14-14, June 12-15, 2005, Santa Fe, NM
	Zhenmin Li , Shan Lu , Suvda Myagmar , Yuanyuan Zhou, CP-Miner: a tool for finding copy-paste and related bugs in operating system code, Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, p.20-20, December 06-08, 2004, San Francisco, CA
	Martin Rinard , Cristian Cadar , Daniel Dumitran , Daniel M. Roy , Tudor Leu , William S. Beebee, Jr., Enhancing server availability and security through failure-oblivious computing, Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation, p.21-21, December 06-08, 2004, San Francisco, CA
	Joseph Tucek , James Newsome , Shan Lu , Chengdu Huang , Spiros Xanthos , David Brumley , Yuanyuan Zhou , Dawn Song, Sweeper: a lightweight end-to-end system for defending against fast worms, ACM SIGOPS Operating Systems Review, v.41 n.3, June 2007
	Stephen McCamant , Greg Morrisett, Evaluating SFI for a CISC architecture, Proceedings of the 15th conference on USENIX Security Symposium, p.15-15, July 31-August 04, 2006, Vancouver, B.C., Canada
	Feng Qin , Joseph Tucek , Yuanyuan Zhou , Jagadeesan Sundaresan, Rx: Treating bugs as allergies—a safe method to survive software failures, ACM Transactions on Computer Systems (TOCS), v.25 n.3, p.7-es, August 2007
	Nick L. Petroni, Jr. , Michael Hicks, Automated detection of persistent kernel control-flow attacks, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
	Qi Gao , Feng Qin , Dhabaleswar K. Panda, DMTracker: finding bugs in large-scale parallel programs by detecting anomaly in data movements, Proceedings of the 2007 ACM/IEEE conference on Supercomputing, November 10-16, 2007, Reno, Nevada
	Pin Zhou , Feng Qin , Wei Liu , Yuanyuan Zhou , Josep Torrellas, iWatcher: Efficient Architectural Support for Software Debugging, ACM SIGARCH Computer Architecture News, v.32 n.2, p.224, March 2004
	Martin Hirzel , Robert Grimm, Jeannie: granting java native interface developers their wishes, ACM SIGPLAN Notices, v.42 n.10, October 2007
	Marius Nita , Dan Grossman , Craig Chambers, A theory of platform-dependent low-level software, ACM SIGPLAN Notices, v.43 n.1, January 2008
	Peng Zhao , Shimin Cui , Yaoqing Gao , Raúl Silvera , José Nelson Amaral, Forma: A framework for safe automatic array reshaping, ACM Transactions on Programming Languages and Systems (TOPLAS), v.30 n.1, p.2-es, November 2007
	Karthik Pattabiraman , Vinod Grover , Benjamin G. Zorn, Samurai: protecting critical data in unsafe languages, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
	Yutaka Oiwa, Implementation of the memory-safe full ANSI-C compiler, ACM SIGPLAN Notices, v.44 n.6, June 2009
	Zhenmin Li , Shan Lu , Suvda Myagmar , Yuanyuan Zhou, CP-Miner: Finding Copy-Paste and Related Bugs in Large-Scale Software Code, IEEE Transactions on Software Engineering, v.32 n.3, p.176-192, March 2006