Modular protections against non-control data attacks

Cole Schlesinger, Karthik Pattabiraman, Nikhil Swamy, David Walker, Benjamin Zorn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Scopus citations

Abstract

This paper introduces Yarra, a conservative extension to C to protect applications from non-control data attacks. Yarra programmers specify their data integrity requirements by declaring critical data types and ascribing these critical types to important data structures. Yarra guarantees that such critical data is only written through pointers with the given static type. Any attempt to write to critical data through a pointer with an invalid type (perhaps because of a buffer overrun) is detected dynamically. We formalize Yarra's semantics and prove the soundness of a program logic designed for use with the language. A key contribution is to show that Yarra's semantics are strong enough to support sound local reasoning and the use of a frame rule, even across calls to unknown, unverified code. We evaluate a prototype implementation of a compiler and runtime system for Yarra by using it to harden four common server applications against known non-control data vulnerabilities. We show that Yarra defends against these attacks with only a negligible impact on their end-to-end performance.

Original languageEnglish (US)
Title of host publicationProceedings - 24th IEEE Computer Security Foundations Symposium, CSF 2011
PublisherIEEE Computer Society
Pages131-145
Number of pages15
ISBN (Print)9780769543659
DOIs
StatePublished - 2011
Event24th Computer Security Foundations Symposium, CSF 2011 - Cernay-la-Ville, France
Duration: Jun 27 2010Jun 29 2010

Publication series

NameProceedings - IEEE Computer Security Foundations Symposium
ISSN (Print)1940-1434

Conference

Conference24th Computer Security Foundations Symposium, CSF 2011
Country/TerritoryFrance
CityCernay-la-Ville
Period6/27/106/29/10

All Science Journal Classification (ASJC) codes

  • General Engineering

Keywords

  • Hoare logic
  • control-flow integrity
  • data integrity
  • data isolation
  • frame rule
  • language-based security
  • non-control data attack

Fingerprint

Dive into the research topics of 'Modular protections against non-control data attacks'. Together they form a unique fingerprint.

Cite this