Description
C and C++ are powerful and widely used programming languages that provide extensive control over system resources and memory. However, this level of control also introduces several classes of memory vulnerabilities, such as buffer overflows and underflows, (re)use-after-free, and type confusion, which raise security risks and lead to system instability. A key approach to mitigating C and C++ vulnerabilities is to deploy a sanitizer that identifies bugs by instrumenting the code and adding runtime checks. Various types of sanitizers have been proposed, each designed to detect specific types of bugs. However, while they offer specialized protection against the particular bugs they target, none of them provides comprehensive memory safety. In this thesis, we focus on EffectiveSan, a sanitizer that performs more comprehensive error detection than other sanitizers, covering type confusion, (sub-)object bounds overflows, and (re)use-after-free. However, even though EffectiveSan detects a broad range of memory errors, it still fails to detect many bugs in the evaluation framework MemSEF, due to implementation and methodological issues. In this work, we improve EffectiveSan's prototype to address previously undetected bugs and design a novel approach to significantly improve its temporal safety. Our improvements achieve a 100% detection rate for temporal bugs in the MemSEF evaluation. By extending EffectiveSan's prototype, we provide a more complete memory safety solution, enhancing its ability to protect against a wider range of memory vulnerabilities.