Sciweavers

Share
ESORICS
2004
Springer

ARCHERR: Runtime Environment Driven Program Safety

12 years 1 months ago
ARCHERR: Runtime Environment Driven Program Safety
Parameters of a program’s runtime environment such as the machine architecture and operating system largely determine whether a vulnerability can be exploited. For example, the machine word size is an important factor in an integer overflow attack and likewise the memory layout of a process in a buffer or heap overflow attack. In this paper, we present an analysis of the effects of a runtime environment on a language’s data types. Based on this analysis, we have developed Archerr, an automated one-pass source-to-source transformer that derives appropriate architecture dependent runtime safety error checks and inserts them in C source programs. Our approach achieves comprehensive vulnerability coverage against a wide array of program-level exploits including integer overflows/underflows. We demonstrate the efficacy of our technique on versions of C programs with known vulnerabilities such as Sendmail. We have benchmarked our technique and the results show that it is in general...
Ramkumar Chinchani, Anusha Iyer, Bharat Jayaraman,
Added 01 Jul 2010
Updated 01 Jul 2010
Type Conference
Year 2004
Where ESORICS
Authors Ramkumar Chinchani, Anusha Iyer, Bharat Jayaraman, Shambhu J. Upadhyaya
Comments (0)
books