Fail-Safe ANSI-C Compiler: An Approach to Making C Programs Secure (Progress Report)

Yutaka Oiwa, Tatsurou Sekiguchi, Eijiro Sumii, Akinori Yonezawa

Research output: Chapter

17 citations (Scopus)

Abstract

It is well known that programs written in C are apt to suffer from nasty errors due to dangling pointers and/or buffer overflow. In particular, such errors in Internet servers are often exploited by malicious attackers to "crack" an entire system, which has even become a social problem nowadays. Nevertheless, it is yet unrealistic to throw away the C language at once because of legacy programs and legacy programmers. To alleviate this dilemma, many approaches to safe implementations of the C language - such as Safe C and CCured - have been proposed and implemented. To our knowledge, however, none of them support all the features of the ANSI C standard and prevent all unsafe operations. (By unsafe operations, we mean any operation that leads to "undefined behavior", such as array boundary overrun and dereference of a pointer in a wrong type.) This paper describes a memory-safe implementation of the full ANSI C language. Our implementation detects and disallows all unsafe operations, while still conforming to the full ANSI C standard (including casts and unions) and even supporting many "dirty tricks" common in programs beyond ANSI C. This is achieved using sophisticated representations of pointers (and integers) that contain dynamic type and size information. We also devise several techniques - both compile-time and runtime - to reduce the overhead of runtime checks.
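The pointer representation the abstract alludes to, as an added illustration that is neither the paper's own code nor the Fail-Safe C compiler's actual representation: a minimal "fat pointer" that carries the block it belongs to (with that block's size and a liveness flag) plus an offset, so that every dereference can be checked at runtime. The three scenarios at the end exercise the error classes the abstract names: an array boundary overrun, a dangling pointer, and a dereference of a pointer formed past the end of its block. The names (fp_block, fat_ptr, fp_*) and the header layout are assumptions of this example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Per-allocation header: the block's size and whether it is still live.
   (Simplified illustration, not the representation used by Fail-Safe C.) */
typedef struct {
    size_t size;
    int live;
    unsigned char data[];   /* the block's payload (C99 flexible array member) */
} fp_block;

/* "Fat pointer": the block it refers to plus a byte offset into it. */
typedef struct {
    fp_block *block;
    size_t offset;
} fat_ptr;

typedef enum { FP_OK = 0, FP_OUT_OF_BOUNDS, FP_DANGLING } fp_status;

fat_ptr fp_alloc(size_t size) {
    fat_ptr p = { malloc(sizeof(fp_block) + size), 0 };
    if (p.block != NULL) { p.block->size = size; p.block->live = 1; }
    return p;
}

/* Marks the block dead instead of calling free(), so the header stays readable
   and a later access through any stale copy of the pointer can be diagnosed.
   A real implementation reclaims dead blocks safely; this demo leaks them. */
void fp_free(fat_ptr p) { if (p.block != NULL) p.block->live = 0; }

/* Every dereference goes through this check: liveness first, then bounds. */
static fp_status fp_check(fat_ptr p, size_t index) {
    if (p.block == NULL || !p.block->live) return FP_DANGLING;
    if (p.offset > p.block->size || index >= p.block->size - p.offset)
        return FP_OUT_OF_BOUNDS;
    return FP_OK;
}

fp_status fp_read(fat_ptr p, size_t index, unsigned char *out) {
    fp_status s = fp_check(p, index);
    if (s == FP_OK) *out = p.block->data[p.offset + index];
    return s;
}

fp_status fp_write(fat_ptr p, size_t index, unsigned char value) {
    fp_status s = fp_check(p, index);
    if (s == FP_OK) p.block->data[p.offset + index] = value;
    return s;
}

/* Pointer arithmetic moves only the offset. Forming a pointer past the end is
   allowed (as in C); dereferencing it is what fp_check refuses. */
fat_ptr fp_add(fat_ptr p, size_t n) { p.offset += n; return p; }

/* strcpy-style copy that stops at the first refused write. Returns the
   number of characters stored (terminator excluded). */
size_t fp_strcpy(fat_ptr dst, const char *src) {
    size_t i = 0;
    for (; src[i] != '\0'; i++)
        if (fp_write(dst, i, (unsigned char)src[i]) != FP_OK) return i;
    fp_write(dst, i, 0);
    return i;
}

/* Scenario 1: array boundary overrun. 12 characters into an 8-byte block;
   exactly 8 are stored and the 9th write is refused instead of overrunning. */
size_t demo_overrun(void) {
    fat_ptr buf = fp_alloc(8);
    size_t n = fp_strcpy(buf, "hello world!");
    fp_free(buf);
    return n;
}

/* Scenario 2: dangling pointer, read through a second copy after free. */
fp_status demo_dangling(void) {
    fat_ptr p = fp_alloc(4), alias = p;
    unsigned char c;
    fp_free(p);
    return fp_read(alias, 0, &c);
}

/* Scenario 3: one-past-the-end pointer, legal to form, illegal to read. */
fp_status demo_past_end(void) {
    fat_ptr p = fp_alloc(4), end = fp_add(p, 4);
    unsigned char c;
    fp_status s = fp_read(end, 0, &c);
    fp_free(p);
    return s;
}

int main(void) {
    printf("overrun: %zu bytes stored before the check fired\n", demo_overrun());
    printf("dangling access: status %d\n", (int)demo_dangling());
    printf("past-the-end access: status %d\n", (int)demo_past_end());
    return 0;
}
```

The cost the abstract's last sentence refers to is visible here: every read and write pays for the liveness and bounds test, and every pointer is two words instead of one, which is why the compile-time and runtime optimizations it mentions matter for a practical implementation.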

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Editors: Mitsuhiro Okada, Benjamin C. Pierce, Andre Scedrov, Hideyuki Tokuda, Akinori Yonezawa
Publisher: Springer Verlag
Pages: 133-153
Number of pages: 21
ISBN (Print): 3540007083
DOI
Publication status: Published - 2003
Externally published: Yes

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 2609
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)
