Julian Lettner scite author profile

Julian Lettner

4Publications

72Citation Statements Received

56Citation Statements Given

How they've been cited

109

How they cite others

Affiliations

University of California, Irvine

Publications

Order By: Most citations

SoK: Sanitizing for Security

Song

Lettner

Rajasekaran

et al. 2019

View full text Add to dashboard Cite

The C and C ++ programming languages are notoriously insecure yet remain indispensable. Developers therefore resort to a multi-pronged approach to find security issues before adversaries. These include manual, static, and dynamic program analysis. Dynamic bug finding tools-henceforth "sanitizers"can find bugs that elude other types of analysis because they observe the actual execution of a program, and can therefore directly observe incorrect program behavior as it happens.A vast number of sanitizers have been prototyped by academics and refined by practitioners. We provide a systematic overview of sanitizers with an emphasis on their role in finding security issues. Specifically, we taxonomize the available tools and the security vulnerabilities they cover, describe their performance and compatibility properties, and highlight various trade-offs. class Base { virtual void func(); }; class Derived : public Base { public: int extra; }; Base b[2]; Derived * d = static_cast(&b[0]); // Bad-casting d->extra = ...; // Type-unsafe, out-of-bounds access, which // overwrites the vtable pointer of b[1]Listing 4. Bad-casting vulnerability leading to a type-and memory-unsafe memory access

show abstract

Bytecode Corruption Attacks Are Real—And How to Defend Against Them

Park

Lettner

et al. 2018

View full text Add to dashboard Cite

PartiSan: Fast and Flexible Sanitization via Run-Time Partitioning

Lettner

Song

Park

et al. 2018

View full text Add to dashboard Cite

Sanitizers can detect security vulnerabilities in C/C ++ code that elude static analysis. Current practice is to continuously fuzz and sanitize internal pre-release builds. Sanitization-enabled builds are rarely released publicly. This is in large part due to the high memory and processing requirements of sanitizers. We present PartiSan, a run-time partitioning technique that speeds up sanitizers and allows them to be used in a more flexible manner. Our core idea is to partition the execution into sanitized slices that incur a run-time overhead, and "unsanitized" slices running at full speed. With PartiSan, sanitization is no longer an all-or-nothing proposition. A single build can be distributed to every user regardless of their willingness to enable sanitization and the capabilities of their host system. Parti-San can automatically adjust the amount of sanitization to fit within a performance budget or disable sanitization if the host lacks sufficient resources. The flexibility afforded by run-time partitioning also means that we can alternate between different types of sanitizers dynamically; today, developers have to pick a single type of sanitizer ahead of time. Finally, we show that run-time partitioning can speed up fuzzing by running the sanitized partition only when the fuzzer discovers an input that causes a crash or uncovers new execution paths.

show abstract

PartiSan: Fast and Flexible Sanitization via Run-time Partitioning

Lettner¹,

Song²,

Park³

et al. 2017

Preprint

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Julian Lettner

SoK: Sanitizing for Security

Bytecode Corruption Attacks Are Real—And How to Defend Against Them

PartiSan: Fast and Flexible Sanitization via Run-Time Partitioning

PartiSan: Fast and Flexible Sanitization via Run-time Partitioning

Contact Info

Product

Resources

About