Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Contenuto fornito da Black Hat / CMP and Jeff Moss. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Black Hat / CMP and Jeff Moss o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
Player FM - App Podcast
Vai offline con l'app Player FM !
Vai offline con l'app Player FM !
Tzi-cker Chiueh: Checking Array Bound Violation Using Segmentation Hardware
Manage episode 155121461 series 1146744
Contenuto fornito da Black Hat / CMP and Jeff Moss. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Black Hat / CMP and Jeff Moss o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
The ability to check memory references against their associated array/buffer bounds helps programmers to detect programming errors involving address overruns early on and thus avoid many difficult bugs down the line. Because such programming errors have been the targets of remote attacks, i.e., buffer overflow attack, prevention of array bound violation is essential for the security and robustness of application programs that provide service on the Internet. This talk proposes a novel approach called CASH to the array bound checking problem that exploits the segmentation feature in the virtual memory hardware of the X86 architecture. The CASH approach allocates a separate segment to each static array or dynamically allocated buffer, and generates the instructions for array references in such a way that the segment limit check in X86's virtual memory protection mechanism performs the necessary array bound checking for free. In those cases that hardware bound checking is not possible, it falls back to software bound checking. As a result, CASH does not need to pay per-reference software checking overhead in most cases. However, the CASH approach incurs a fixed set-up overhead for each use of an array, which may involve multiple array references. The existence of this overhead requires compiler writers to judiciously apply the proposed technique to minimize the performance cost of array bound checking. This talk will describe the detailed design and implementation of the CASH compiler, and a comprehensive evaluation of various performance tradeoffs associated with the proposed array bound checking technique. For the set of production-grade network applications we tested, including Apache, Sendmail, Bind, etc., the latency penalty of CASH's bound checking mechanism is between 2.5% to 9.8% when compared with the baseline case that does not perform any bound checking. Dr. Tzi-cker Chiueh is a Professor in the Computer Science Department of Stony Brook University, and the Chief Scientist of Rether Networks Inc. He received his B.S. in EE from National Taiwan University, M.S. in CS from Stanford University, and Ph.D. in CS from University of California at Berkeley in 1984, 1988, and 1992, respectively. He received an NSF CAREER award in 1995, and has published over 130 technical papers in refereed conferences and journals in the areas of operating systems, networking, and computer security. He has developed several innovative security systems/products in the past several years, including SEES (Secure Mobile Code Execution Service), PAID (Program Semantics-Aware Intrusion Detection), DOFS (Display-Only File Server), and CASH.
…
continue reading
61 episodi
Tzi-cker Chiueh: Checking Array Bound Violation Using Segmentation Hardware
Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference
Manage episode 155121461 series 1146744
Contenuto fornito da Black Hat / CMP and Jeff Moss. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Black Hat / CMP and Jeff Moss o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
The ability to check memory references against their associated array/buffer bounds helps programmers to detect programming errors involving address overruns early on and thus avoid many difficult bugs down the line. Because such programming errors have been the targets of remote attacks, i.e., buffer overflow attack, prevention of array bound violation is essential for the security and robustness of application programs that provide service on the Internet. This talk proposes a novel approach called CASH to the array bound checking problem that exploits the segmentation feature in the virtual memory hardware of the X86 architecture. The CASH approach allocates a separate segment to each static array or dynamically allocated buffer, and generates the instructions for array references in such a way that the segment limit check in X86's virtual memory protection mechanism performs the necessary array bound checking for free. In those cases that hardware bound checking is not possible, it falls back to software bound checking. As a result, CASH does not need to pay per-reference software checking overhead in most cases. However, the CASH approach incurs a fixed set-up overhead for each use of an array, which may involve multiple array references. The existence of this overhead requires compiler writers to judiciously apply the proposed technique to minimize the performance cost of array bound checking. This talk will describe the detailed design and implementation of the CASH compiler, and a comprehensive evaluation of various performance tradeoffs associated with the proposed array bound checking technique. For the set of production-grade network applications we tested, including Apache, Sendmail, Bind, etc., the latency penalty of CASH's bound checking mechanism is between 2.5% to 9.8% when compared with the baseline case that does not perform any bound checking. Dr. Tzi-cker Chiueh is a Professor in the Computer Science Department of Stony Brook University, and the Chief Scientist of Rether Networks Inc. He received his B.S. in EE from National Taiwan University, M.S. in CS from Stanford University, and Ph.D. in CS from University of California at Berkeley in 1984, 1988, and 1992, respectively. He received an NSF CAREER award in 1995, and has published over 130 technical papers in refereed conferences and journals in the areas of operating systems, networking, and computer security. He has developed several innovative security systems/products in the past several years, including SEES (Secure Mobile Code Execution Service), PAID (Program Semantics-Aware Intrusion Detection), DOFS (Display-Only File Server), and CASH.
…
continue reading
61 episodi
Tutti gli episodi
×Benvenuto su Player FM!
Player FM ricerca sul web podcast di alta qualità che tu possa goderti adesso. È la migliore app di podcast e funziona su Android, iPhone e web. Registrati per sincronizzare le iscrizioni su tutti i tuoi dispositivi.