Affiliation:
1. Pennsylvania State University, University Park, PA, USA
Abstract
Security enforcement inlined into user threads often delays the protected programs; inlined resource reclamation may interrupt program execution and defer resource release. We propose
software cruising
, a novel technique that migrates security enforcement and resource reclamation from user threads to a concurrent monitor thread. The technique leverages the increasingly popular multicore and multiprocessor architectures and uses
lock-free
data structures to achieve
non-blocking
and efficient synchronization between the monitor and user threads. As a case study, software cruising is applied to the heap buffer overflow problem. Previous mitigation and detection techniques for this problem suffer from high performance overhead, legacy code compatibility, semantics loyalty, or tedious manual program transformation. We present a concurrent heap buffer overflow detector, Cruiser, in which a concurrent thread is added to the user program to monitor heap integrity, and custom lock-free data structures and algorithms are designed to achieve high efficiency and scalability. The experiments show that our approach is practical: it imposes an average of 5% performance overhead on SPEC CPU2006, and the throughput slowdown on Apache is negligible on average.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design,Software
Reference71 articles.
1. Control-flow integrity
2. AlephOne. Smashing the stack for fun and profit. Phrack 7 (49) 1996. AlephOne. Smashing the stack for fun and profit. Phrack 7 (49) 1996.
3. Efficient detection of all pointer and array access errors
Cited by
5 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. A survey of automatic exploitation of binary vulnerabilities;International Conference on Computer Network Security and Software Engineering (CNSSE 2023);2023-06-26
2. A Dynamic Protection Mechanism for GPU Memory Overflow;Lecture Notes in Computer Science;2021
3. Pangr: A Behavior-Based Automatic Vulnerability Detection and Exploitation Framework;2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE);2018-08
4. C++ Memory Detection Tool Based on Dynamic Instrumentation;Advances in Internet, Data & Web Technologies;2018
5. HeapDefender: A Mechanism of Defending Embedded Systems against Heap Overflow via Hardware;2012 9th International Conference on Ubiquitous Intelligence and Computing and 9th International Conference on Autonomic and Trusted Computing;2012-09