2014 IEEE 25th International Symposium on Software Reliability Engineering 2014
DOI: 10.1109/issre.2014.20
|View full text |Cite
|
Sign up to set email alerts
|

WPBOUND: Enforcing Spatial Memory Safety Efficiently at Runtime with Weakest Preconditions

Abstract: Abstract-Spatial errors (e.g., buffer overflows) continue to be one of the dominant threats to software reliability and security in C/C++ programs. Presently, the software industry typically enforces spatial memory safety by instrumentation. Due to high overheads incurred in bounds checking at runtime, many program inputs cannot be exercised, causing some input-specific spatial errors to go undetected in today's commercial software.This paper introduces a new compile-time optimisation for reducing bounds check… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
12
0

Year Published

2015
2015
2024
2024

Publication Types

Select...
5
1

Relationship

1
5

Authors

Journals

citations
Cited by 20 publications
(12 citation statements)
references
References 45 publications
0
12
0
Order By: Relevance
“…llvm-mpx is applied at last. The same convention of using all possible optimizations before the instrumentation was adopted in SoftBound [41] and others [38,42,56,69]. We investigated the high runtime overhead of icc-mpx and gcc-mpx.…”
Section: Methodsmentioning
confidence: 99%
See 2 more Smart Citations
“…llvm-mpx is applied at last. The same convention of using all possible optimizations before the instrumentation was adopted in SoftBound [41] and others [38,42,56,69]. We investigated the high runtime overhead of icc-mpx and gcc-mpx.…”
Section: Methodsmentioning
confidence: 99%
“…(3) Bound check consolidation: if it can statically calculate the range of the access in a loop or a vectorized code, it consolidates the checks into one check and pays the overhead only once. This is a very simple form of optimization proposed in Gupta's work [28] and WPBound [68].…”
Section: Spatial Memory Safetymentioning
confidence: 99%
See 1 more Smart Citation
“…2), then memcpy will copy such data to the intermediate buffer which will be then sent to the attacker. Note that existing approaches on bounds checking [7], [8], [9] does not really handle this type of information leak, because they only check memory access at the end of the buffer. The second type is to steal information that are stored out of the current buffer.…”
Section: B Threat Modelmentioning
confidence: 99%
“…These techniques have been implemented in many compilers and systems, but they are not applicable to the over-read issue. There is also a large volume of research on direct bound checking (e.g., [7], [8], [9]) and safe type system retrofitting (e.g., [10], [11]). Bounds checking and safe type system retrofitting can mitigate the over-read issue, but few is widely adopted due to either excessive runtime overhead, expensive cost of manual work, or insufficient mitigation in practice.…”
Section: Introductionmentioning
confidence: 99%