Enhancing availability and security through boundless memory blocks
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.
Main Author: | |
---|---|
Other Authors: | |
Format: | Thesis |
Language: | eng |
Published: |
Massachusetts Institute of Technology
2006
|
Subjects: | |
Online Access: | http://hdl.handle.net/1721.1/33123 |
_version_ | 1811091603136184320 |
---|---|
author | Cadar, Cristian |
author2 | Martin C. Rinard. |
author_facet | Martin C. Rinard. Cadar, Cristian |
author_sort | Cadar, Cristian |
collection | MIT |
description | Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004. |
first_indexed | 2024-09-23T15:04:59Z |
format | Thesis |
id | mit-1721.1/33123 |
institution | Massachusetts Institute of Technology |
language | eng |
last_indexed | 2024-09-23T15:04:59Z |
publishDate | 2006 |
publisher | Massachusetts Institute of Technology |
record_format | dspace |
spelling | mit-1721.1/331232019-04-11T14:09:25Z Enhancing availability and security through boundless memory blocks Cadar, Cristian Martin C. Rinard. Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science. Electrical Engineering and Computer Science. Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004. Includes bibliographical references (leaves 49-52). We present a new technique, boundless memory blocks, that automatically eliminates buffer overflow errors, enabling programs to continue to execute through memory errors without memory corruption. Buffer overflow vulnerabilities are caused by programming errors that allow an attacker to cause the program to write beyond the bounds of an allocated memory block to corrupt other data structures. The standard way to exploit a buffer overflow vulnerability involves a request that is too large for the buffer intended to hold it. The buffer overflow error causes the program to write part of the request beyond the bounds of the buffer, corrupting the address space of the program and causing the program to execute injected code contained in the request. Our boundless memory blocks compiler inserts checks that dynamically detect all out of bounds accesses. When it detects an out of bounds write, it stores the value away in a hash. Our compiler can then return the stored value as the result of an out of bounds read to that address. In the case of uninitialized addresses, our compiler simply returns a predefined value. We have acquired several widely used open source applications (Apache, Sendmail, Pine, Mutt, and Midnight Commander). With standard compilers, all of these applications are vulnerable to buffer overflow attacks as documented at security tracking web sites. Instead, our compiler enables the applications to execute successfully through buffer overflow attacks to continue to correctly service user requests without security vulnerabilities. We have also found that only one application contains uninitialized reads, which means that in most cases, the net effect of our compiler is to (conceptually) give each allocated memory block unbounded size and to eliminate out of bounds accesses as a programming error. by Cristian Cadar. M.Eng. 2006-06-19T17:43:07Z 2006-06-19T17:43:07Z 2004 2004 Thesis http://hdl.handle.net/1721.1/33123 62240583 eng M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582 52 leaves 2070965 bytes 2071920 bytes application/pdf application/pdf application/pdf Massachusetts Institute of Technology |
spellingShingle | Electrical Engineering and Computer Science. Cadar, Cristian Enhancing availability and security through boundless memory blocks |
title | Enhancing availability and security through boundless memory blocks |
title_full | Enhancing availability and security through boundless memory blocks |
title_fullStr | Enhancing availability and security through boundless memory blocks |
title_full_unstemmed | Enhancing availability and security through boundless memory blocks |
title_short | Enhancing availability and security through boundless memory blocks |
title_sort | enhancing availability and security through boundless memory blocks |
topic | Electrical Engineering and Computer Science. |
url | http://hdl.handle.net/1721.1/33123 |
work_keys_str_mv | AT cadarcristian enhancingavailabilityandsecuritythroughboundlessmemoryblocks |