Abstract
Flexible features of C can be misused and result in potential vulnerabilities which are hard to detect by performing only static checking. Existing tools either give up run-time type checking or employ a type system whose granularity is too coarse (it does not differentiate between pointer types) so that many errors may go undetected. This paper presents a dynamic checking approach to conquer them. A type system that is based on the physical layout of data types and has the proper granularity has been employed. Rules for propagating dynamic types and checking for compatibility of types during execution of the target program are also set up. Then a model of dynamic type checking on this type system to capture run-time type errors is built. Experimental results show that it can catch most errors, including those may become system vulnerabilities and the overhead is moderate.
Supported by the National High Technology Research and Development Program of China (863 Program) (No. 2003AA1Z1060) and Natural Science Foundation of Zhejiang Province (No. Y105355).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Loginov, A., Yong, S., Horwitz, S., Reps, T.: Debugging via runtime type checking. In: Hussmann, H. (ed.) FASE 2001. LNCS, vol. 2029, pp. 217–232. Springer, Heidelberg (2001)
Hanson, D.R., Fraser, C.W.: A Retargetable C Compiler. Addison-Wesley, Reading (1995)
Wang, J., Ping, L., Pan, X., Shen, H., Yan, X.: Tools to make C programs safe: a deeper study. Journal of Zhejiang University SCIENCE 6A(1), 63–70 (2005)
Seward, J.: Valgrind, an open-source memory debugger for x86-GNU/Linux. Technical report (2003), http://valgrind.kde.org/
Burrows, M., Freund, S., Wiener, J.: Run-time type checking for binary programs. In: International Conference on Compiler Construction (2003)
Siff, M., Chandra, S., Ball, T., Kunchithapadam, K., Reps, T.: Coping with Type Casts in C. In: Nierstrasz, O., Lemoine, M. (eds.) ESEC 1999 and ESEC-FSE 1999. LNCS, vol. 1687, pp. 180–198. Springer, Heidelberg (1999)
Hasting, R., Joyce, B.: Purify: fast detection of memory leaks and access errors. In: Proceedings of the Winter USENIX Conference (1992)
Chandra, S., Reps, T.: Physical type checking for C. In: Proceedings of the ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering. Software Engineering Notes (SEN), vol. 24(5), pp. 66–75 (1999)
Shankar, U., Talwar, K., Foster, J.S., Wagner, D.: Automated Detection of Format-String Vulnerabilities Using Type Qualifiers. In: Proceedings of the 10th USENIX Security Symposium, Washington, DC (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shen, H., Wang, J., Ping, L., Sun, K. (2006). Securing C Programs by Dynamic Type Checking. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2006. Lecture Notes in Computer Science, vol 3903. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11689522_32
Download citation
DOI: https://doi.org/10.1007/11689522_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33052-3
Online ISBN: 978-3-540-33058-5
eBook Packages: Computer ScienceComputer Science (R0)