Computer Science Building, Room 151
Programs written in C and C++ are susceptible to a number of memory errors, including buffer overflows and dangling pointers. At best, these errors cause crashes or performance degradation. At worst, they enable security vulnerabilities, allowing denial-of-service or remote code execution. Existing runtime systems provide little protection against these errors: they let minor errors crash the program, and their predictable behavior lets attackers exploit vulnerabilities consistently.
In this thesis, we introduce a series of runtime systems that detect and tolerate these errors in deployed applications. By design, these systems tolerate minor errors while lowering the probability of successfully exploiting security vulnerabilities. The first such system, Archipelago, protects exceptionally sensitive server applications against severe errors using an object-per-page randomized allocator. It provides near-100% protection against certain common attack vectors. Our second system, DieHarder, combines ideas from Archipelago and previous systems to enable maximal protection against attacks while incurring minimal runtime and memory overhead. Our final system, Exterminator, automatically corrects heap-based buffer overflows and dangling pointers without requiring programmer intervention. Exterminator relies on a low-overhead randomized allocator and statistical inference techniques to isolate and correct errors in deployed applications, deterministically tolerating errors and forcing attackers to adapt to a changing attack surface.
Advisor: Emery Berger