Issue No. 01 - January (2012 vol. 61)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2010.215
Ioannis Doudalis, Georgia Institute of Technology, Atlanta
James Clause, University of Delaware, Newark
Guru Venkataramani, The George Washington University, Washington DC
Milos Prvulovic, Georgia Institute of Technology, Atlanta
Alessandro Orso, Georgia Institute of Technology, Atlanta
Programs written in languages allowing direct access to memory through pointers often contain memory-related faults, which cause nondeterministic failures and security vulnerabilities. We present a new dynamic tainting technique to detect illegal memory accesses. When memory is allocated, at runtime, we taint both the memory and the corresponding pointer using the same taint mark. Taint marks are then propagated and checked every time a memory address m is accessed through a pointer p; if the associated taint marks differ, an illegal access is reported. To allow always-on checking using a low-overhead, hardware-assisted implementation, we make several key technical decisions. We use a configurable, low number of reusable taint marks instead of a unique mark for each allocated area of memory, reducing the performance overhead without losing the ability to target most memory-related faults. We also define the technique at the binary level, which helps handle applications using third-party libraries whose source code is unavailable. We created a software-only prototype of our technique and simulated a hardware-assisted implementation. Our results show that 1) it identifies a large class of memory-related faults, even when using only two unique taint marks, and 2) a hardware-assisted implementation can achieve performance overheads in single-digit percentages.
Computer systems organization, hardware/software interfaces, processor architectures, monitors.
I. Doudalis, J. Clause, M. Prvulovic, A. Orso and G. Venkataramani, "Effective and Efficient Memory Protection Using Dynamic Tainting," in IEEE Transactions on Computers, vol. 61, no. , pp. 87-100, 2010.
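
The allocate, taint and check cycle described in the abstract, as an added C sketch that is not the authors' prototype: a software model with two reusable taint marks that reports an adjacent overflow and a use-after-free, and misses an access that lands in a block reusing the same mark. Assumptions not in the original: the `t_*` names, the 64-byte arena with a bump allocator, round-robin mark assignment, mark 0 for unallocated memory, and clearing marks on free.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed model (not from the paper): 64-byte arena, marks 1..NUM_MARKS
   handed out round-robin, mark 0 = unallocated. All t_* names are hypothetical. */
#define ARENA_SIZE 64
#define NUM_MARKS  2

typedef struct { size_t addr; uint8_t mark; } tptr;  /* pointer plus its taint mark */

static uint8_t  shadow[ARENA_SIZE];  /* taint mark of every arena byte */
static size_t   cursor;              /* bump-allocator offset */
static unsigned allocs;              /* allocation counter driving mark reuse */

void t_reset(void) { memset(shadow, 0, sizeof shadow); cursor = 0; allocs = 0; }

/* Allocation: taint the memory and the returned pointer with the same mark. */
tptr t_malloc(size_t n) {
    tptr p = { ARENA_SIZE, 0 };                  /* failure value: never passes t_check */
    if (n == 0 || n > ARENA_SIZE - cursor) return p;
    p.addr = cursor;
    p.mark = (uint8_t)(1 + allocs++ % NUM_MARKS);
    memset(shadow + p.addr, p.mark, n);
    cursor += n;
    return p;
}

/* Deallocation: clear the memory's mark; a stale pointer keeps its own. */
void t_free(tptr p, size_t n) {
    if (p.addr < ARENA_SIZE && n <= ARENA_SIZE - p.addr) memset(shadow + p.addr, 0, n);
}

/* Pointer arithmetic propagates the pointer's mark unchanged. */
tptr t_add(tptr p, ptrdiff_t off) { p.addr += (size_t)off; return p; }

/* Access check: 1 = marks match (allowed), 0 = illegal access reported. */
int t_check(tptr p) { return p.addr < ARENA_SIZE && shadow[p.addr] == p.mark; }

int main(void) {
    t_reset();
    tptr a = t_malloc(8), b = t_malloc(8), c = t_malloc(8);  /* marks 1, 2, 1 */
    printf("in bounds a[7]:        %d\n", t_check(t_add(a, 7)));
    printf("overflow a[8] into b:  %d\n", t_check(t_add(a, 8)));
    printf("overflow a[16] into c: %d (c reuses a's mark)\n", t_check(t_add(a, 16)));
    t_free(b, 8);
    printf("use after free of b:   %d\n", t_check(b));
    (void)c;
    return 0;
}
```

In this sketch, raising `NUM_MARKS` lowers the chance that an out-of-bounds access lands on memory carrying the same mark as the pointer.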