Context-Aware Failure-Oblivious Computing as a Means of Preventing Buffer Overflows
Sprache des Vortragstitels:
12th International Conference on Network and System Security (NSS-2018)
Sprache des Tagungstitel:
In languages like C, buffer overflows are widespread. A common mitigation technique is to use tools that detect them during execution and abort the program to prevent data leakage or the diversion of control flow. However, for server applications, it would be desirable to prevent such errors while maintaining availability of the system. To this end, we present an approach to handling buffer overflows without aborting the program. This approach involves implementing a recovery logic in library functions based on an introspection function that allows querying the size of a buffer. We demonstrate that introspection can be implemented in popular bug-finding and bug-mitigation tools such as LLVM?s AddressSanitizer, SoftBound, and Intel-MPX-based bounds checking. We evaluated our approach in a case study of real-world bugs and show that for tools that explicitly track bounds data, introspection results in a low performance overhead.