Bounds Checking with Taint-Based Analysis

Authors

  • Weihaw Chuang
  • Satish Narayanasamy
  • Brad Calder
  • Ranjit Jhala
Abstract

We analyze the performance of different bounds checking implementations. Specifically, we examine using the x86 bound instruction to reduce the run-time overhead. We also propose a compiler optimization that prunes the bounds checks that are not necessary to guarantee security. The optimization is based on the observation that buffer overflow attacks are launched through external inputs. Therefore, it is sufficient to bounds check only the accesses to those data structures that can possibly hold the external inputs. Also, it is sufficient to bounds check only the memory writes. The proposed optimizations reduce the number of required bounds checks as well as the amount of meta-data that need to be maintained to perform those checks.


Similar resources

Influence: A Quantitative Approach for Data Integrity

A number of systems employ dynamic taint analysis to detect overwrite attacks in commodity software. These systems are based on the premise that low-integrity inputs should not control values such as function pointers and return addresses. Unfortunately, there are several programming constructs that can cause false positives and false negatives in these systems, which are currently handled by m...


Whole-system Fine-grained Taint Analysis for Automatic Malware Detection and Analysis

As malware is becoming increasingly sophisticated and stealthy, effective techniques for malware detection and analysis are imperative. Previous detection mechanisms are insufficient. Signature-based detection cannot detect new malware, and watch-point based behavioral detection can be evaded by stealthier design. Most previous analysis mechanisms are too coarse-grained to capture malware behav...


Influence: A Quantitative Approach for Data Integrity (CMU-CyLab-08-005)

A number of systems employ dynamic taint analysis to detect overwrite attacks in commodity software. These systems are based on the premise that low-integrity inputs should not control values such as function pointers and return addresses. Unfortunately, there are several programming constructs that can cause false positives and false negatives in these systems, which are currently handled by m...


On the Deployment of Dynamic Taint Analysis for Application Communities

Although software-attack detection via dynamic taint analysis (DTA) supports high coverage of program execution, it prohibitively degrades the performance of the monitored program. This letter explores the possibility of collaborative dynamic taint analysis among members of an application community (AC): instead of full monitoring for every request at every instance of the AC, each member uses ...


A dynamic taint forensic analysis tool for Android apps



Publication date: 2007