DOI: 10.1145/3605731.3605903
research-article

Enhanced Memory Corruption Detection in C/C++ Programs

Published: 07 September 2023

Abstract

Out-of-bounds memory accesses, which often occur in programs written in unsafe languages such as C or C++, cause severe problems. Although many useful tools address this problem, we report a new tool, called mcds, for detecting spatial and temporal memory corruption in x86-64 ELF binaries. Mcds allocates each memory object to a separate virtual page; the rest of the page is left blank. Using a facility in the memory management library, we set up memory protection so that accessing the “blank” part of a virtual page causes a hardware trap. Because it is a hardware trap, there is little run-time overhead. To save memory, several virtual pages may be squeezed into a single physical page. Our first experimental result is that mcds can find all the bugs in the Firefox 78 package, the Chrome package and the PHP7.0 package that are recorded on the CVE Details website. Furthermore, mcds can detect three classes of memory corruption that are beyond the capability of the current AddressSanitizer (ASan). We then compare the time for compilation and fuzzing tests. The fuzzing tests are run with the AFL++ fuzzer on Ubuntu 22.04 LTS with an Intel i5-9600K chip. According to our experimental results, mcds shows an approximately 6x speedup in fuzzing tests over AddressSanitizer. There is no significant difference between compiling the source with AddressSanitizer and with mcds, though both result in a 2x slowdown compared with compilation without a sanitizer.
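
The page-per-object idea in the abstract can be seen in miniature with mmap(2) and mprotect(2) on Linux. The following is an added example, not mcds code: the page does not say how mcds traps accesses to the unused part of an object's own page, so this uses the simpler, well-known layout of placing the object at the end of its page with a PROT_NONE guard page after it. The names `guarded_alloc`, `guarded_free` and `read_traps` are hypothetical.

```c
/* Added illustration, not mcds source. Assumes Linux; all names are hypothetical. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf probe_env;
static void on_fault(int sig) { (void)sig; siglongjmp(probe_env, 1); }

/* Put an n-byte object at the end of its own page; the next page is PROT_NONE. */
static void *guarded_alloc(size_t n) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (n == 0 || n > page) return NULL;
    char *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return NULL;
    if (mprotect(base + page, page, PROT_NONE) != 0) { munmap(base, 2 * page); return NULL; }
    return base + page - n;   /* last object byte is adjacent to the guard page */
}

/* "Free" keeps the address range reserved but revokes access, so stale pointers trap. */
static int guarded_free(void *p) {
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    return mprotect((void *)((uintptr_t)p & ~(page - 1)), page, PROT_NONE);
}

/* Returns 1 if reading one byte at addr raises SIGSEGV, 0 if the read succeeds. */
static int read_traps(const void *addr) {
    struct sigaction sa = {0}, old;
    volatile int trapped = 0;
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(probe_env, 1) == 0) (void)*(const volatile char *)addr;
    else trapped = 1;
    sigaction(SIGSEGV, &old, NULL);
    return trapped;
}

int main(void) {
    char *buf = guarded_alloc(24);   /* constructed 24-byte object */
    int in = read_traps(buf + 23), oob = read_traps(buf + 24);
    guarded_free(buf);
    printf("in-bounds=%d overflow=%d use-after-free=%d\n", in, oob, read_traps(buf));
    return 0;
}
```

In this simplified layout an underflow below the start of the object lands in the same readable page and is not caught.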

    Published In

    ICPP Workshops '23: Proceedings of the 52nd International Conference on Parallel Processing Workshops
    August 2023
    217 pages
    ISBN: 9798400708428
    DOI: 10.1145/3605731

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Intel SGX
    2. LLVM
    3. memory corruption
    4. page aliasing
    5. red zones
    6. shadow memory
    7. x86-64

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ICPP-W 2023

    Acceptance Rates

    Overall Acceptance Rate 91 of 313 submissions, 29%
