CCured: type-safe retrofitting of legacy software

Necula, George C.; Condit, Jeremy; Harren, Matthew; McPeak, Scott; Weimer, Westley

doi:10.1145/1065887.1065892

Cited by 487 publications

(516 citation statements)

References 9 publications

Supporting

Mentioning

514

Contrasting

Unclassified

Order By: Relevance

“…Write integrity testing [49] uses static analysis and "guard" values between variables to prevent memory corruption errors, but static analysis alone cannot correctly classify all program writes. CCured [50] is a source code transformation system that adds type safety to C programs, but it incurs a significant performance overhead and is unable to statically handle some data types. Generally, solutions that require recompilation of software are less practical, as source code or parts of it (e.g., third-party libraries) are not always available.…”

Section: Related Workmentioning

confidence: 99%

Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution

Portokalidis

Keromytis

2011

Advances in Information Security

View full text Add to dashboard Cite

Abstract. Instruction-set randomization (ISR) obfuscates the "language" understood by a system to protect against code-injection attacks by presenting an ever-changing target. ISR was originally motivated by code injection through buffer overflow vulnerabilities. However, Stuxnet demonstrated that attackers can exploit other vectors to place malicious binaries into a victim's filesystem and successfully launch them, bypassing most mechanisms proposed to counter buffer overflows. We propose the holistic adoption of ISR across the software stack, preventing the execution of unauthorized binaries and scripts regardless of their origin. Our approach requires that programs be randomized with different keys during a user-controlled installation, effectively combining the benefits of code whitelisting/signing and runtime program integrity. We discuss how an ISR-enabled environment for binaries can be implemented with little overhead in hardware, and show that higher-overhead softwareonly alternatives are possible. We use Perl and SQL to demonstrate the application of ISR in scripting environments with negligible overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution

Portokalidis

Keromytis

2011

Advances in Information Security

View full text Add to dashboard Cite

show abstract

“…For example, there have been buffer-overflow attacks in Java [26,4], Perl [59], etc. There also exists a type-safe C: CCured [60].…”

Section: Bounds Checkingmentioning

confidence: 99%

Survey of Protections from Buffer-Overflow Attacks

Piromsopa¹,

Enbody²

2011

View full text Add to dashboard Cite

Abstract. Buffer-overflow attacks began two decades ago and persist today. Over that time, a number of researchers have proposed many solutions. Their targets were either to prevent or to protect against buffer-overflow attacks. As defenses improved, attacks adapted and became more complicated. Given the maturity of field and the fact that some solutions now exist that can prevent most buffer-overflow attacks, it is time to examine these schemes and their critical issues. In this survey, approaches were categorized into three board categories to provide a basis for understanding bufferoverflow protection schemes.

show abstract

“…There are safe languages, referred to as safe dialects, that remain as close to C or C++ as possible. However, their performance overhead is also significant [4,5].…”

Section: Related Workmentioning

confidence: 99%

“…Some try to solve the problem entirely by inserting bound checks or modifying the language itself [3][4][5]. Others rely on randomness and secrets to detect or prevent modifications of data in memory.…”

Section: Introductionmentioning

confidence: 99%

Efficient and Effective Buffer Overflow Protection on ARM Processors

Strackx

Younan

Philippaerts

et al. 2010

Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices

View full text Add to dashboard Cite

Abstract. Although many countermeasures have been developed for desktop and server environments, buffer overflows still pose a big threat. The same approach can be used to target mobile devices. Unfortunately, they place more severe limitations on countermeasures. Not only are the performance requirements at least as important, memory and power consumption need to be considered as well. Moreover, processors used in mobile devices generally are equipped with a different instruction set. Therefore countermeasures may not be ported easily. Multistack is an effective countermeasure against stack-based buffer overflows. It protects applications by using multiple stacks to separate possible attack targets from possible sources. However, its performance overhead will no longer be negligible on the ARMv7 platform (widely used on mobile devices) and it wastes too much memory, making it too costly for mobile applications. We propose 3 methods to reduce memory overhead up to 28% with only a 3.91% performance overhead.

show abstract

CCured: type-safe retrofitting of legacy software

Cited by 487 publications

References 9 publications

Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution

Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution

Survey of Protections from Buffer-Overflow Attacks

Efficient and Effective Buffer Overflow Protection on ARM Processors

Contact Info

Product

Resources

About