Clark L. Coleman
University of Virginia
Publication
Featured research published by Clark L. Coleman.
engineering secure software and systems | 2009
Jason D. Hiser; Clark L. Coleman; Michele Co; Jack W. Davidson
Memory errors continue to be a major source of software failure. To address this issue, we present MEDS (Memory Error Detection System), a system for detecting memory errors within binary executables. The system can detect buffer overflow, uninitialized data reads, double-free, and deallocated memory access errors and vulnerabilities. It works by using static analysis to prove memory accesses safe. If a memory access cannot be proven safe, MEDS falls back to run-time analysis. The system exceeds previous work with dramatic reductions in false positives, as well as covering all memory segments (stack, static, heap).
international symposium on performance analysis of systems and software | 2001
Clark L. Coleman; Jack W. Davidson
As the gap between memory speed and processor speed grows, program transformations to improve the performance of the memory system have become increasingly important. To understand and optimize memory performance, researchers and practitioners in performance analysis and compiler design require a detailed understanding of the memory hierarchy of the target computer system. Unfortunately, accurate information about the memory hierarchy is not easy to obtain. Vendor microprocessor documentation is often incomplete, vague, or worse, erroneous in its description of important on-chip memory parameters. Furthermore, today's computer systems contain complex, multi-level memory systems where the processor is but one component of the memory system. The accuracy of the documentation on the complete memory system is also lacking. This paper describes the implementation of a portable program that automatically determines all of a computer system’s important memory hierarchy parameters. Automatic determination of memory hierarchy parameters is shown to be superior to reliance on vendor data. The robustness and portability of the approach is demonstrated by determining and validating the memory hierarchy parameters for a number of different computer systems, using several of the emerging performance counter application programming interfaces.
2009 2nd International Symposium on Resilient Control Systems | 2009
Michele Co; Clark L. Coleman; Jack W. Davidson; Sudeep Ghosh; Jason D. Hiser; John C. Knight; Anh Nguyen-Tuong
european dependable computing conference | 2014
Jason D. Hiser; Anh Nguyen-Tuong; Michele Co; Benjamin D. Rodes; Matthew Hall; Clark L. Coleman; John C. Knight; Jack W. Davidson
Designing and building software that is free of defects that can be exploited by malicious adversaries is a difficult task. Despite extensive efforts via the application of formal methods, use of automated software engineering tools, and performing extensive pre-deployment testing, exploitable errors still appear in software. The problem of cyber resilience is further compounded by the growing sophistication of adversaries who can marshal substantial resources to compromise systems. This paper describes a novel, promising approach to improving the resilience of software. The approach is to impose a process-level software control system that continuously monitors an application for signs of attack or failure and responds accordingly. The system uses software dynamic translation to seamlessly insert arbitrary sensors and actuators into an executing binary. The control system employs the sensors to detect attacks and the actuators to effect an appropriate response. Using this approach, several novel monitoring and response systems have been developed. The paper describes our light-weight process-level software control system, our experience using it to increase the resilience of systems, and discusses future research directions for extending and enhancing this powerful approach to achieving cyber awareness and resilience.
nasa formal methods | 2016
Ashlie B. Hocking; Benjamin D. Rodes; John C. Knight; Jack W. Davidson; Clark L. Coleman
The design of many binary-level rewriting and instrumentation systems is based on specifying and implementing an application-programmer interface (API) to provide the necessary functionality for implementing various instrumentation tools. Users implement instrumentation tools by writing code that uses the functionality provided by the implementation of the API. This paper describes a novel approach for realizing powerful binary level instrumentation systems that is based on a simple, low-level language, called SPRI. SPRI is a simple language for specifying edits to apply to a binary. Its simplicity makes SPRI an ideal target language for binary analysis and instrumentation tools. A SPRI specification can then be applied to a binary statically or dynamically to insert the desired instrumentation. To demonstrate the advantages, flexibility, and power of this approach, the paper presents an exemplar instrumentation system that uses a software dynamic translator to apply SPRI-specified edits to a binary, along with several case studies of how the system has been used.
dependable systems and networks | 2016
Jack W. Davidson; Jason D. Hiser; Anh Nguyen-Tuong; Clark L. Coleman; William H. Hawkins; John C. Knight; Benjamin D. Rodes; Ashlie B. Hocking
Establishing properties of binary programs by proof is a desirable goal when the properties of interest are crucial, such as those that arise in safety- and security-critical applications. Practical development of proofs for binary programs requires a substantial infrastructure to disassemble the program, define the machine semantics, and actually undertake the required proofs. At the center of these infrastructure requirements is the need to document semantics in a formal language. In this paper we present a work-in-progress proof infrastructure for binary programs based on AdaCore and Altran's integrated development and verification environment, SPARKPro. We illustrate the infrastructure with proof of a security property.
technical symposium on computer science education | 2008
Mark W. Bailey; Clark L. Coleman; Jack W. Davidson
Software for which development artifacts are missing is increasingly common and difficult to avoid, including in embedded systems. The lack of development artifacts leaves doubt about whether the software possesses critical security properties and makes enhancement of the software extremely difficult. Embedded systems often have strict resource restrictions/constraints making the application of security enhancements especially difficult. In this paper, we present details of a system that is being developed to provide significant protection against security exploits of embedded systems. The system operates on binary programs. No source code or other development artifacts are required, and the typical size and time constraints of embedded systems are accounted for in the analysis and processing of subject binary programs. Formal verification of security properties is used to eliminate unnecessary security transformations, and transformations are applied by a highly efficient static binary rewriter.
Archive | 2016
Jack W. Davidson; Clark L. Coleman; Jason D. Hiser; Anh Nguyen-Tuong
Archive | 2009
Clark L. Coleman; Michele Co; Jack W. Davidson; John C. Knight; Anh Nguyen-Tuong; Jason D. Hiser
Data placement optimizations for multilevel cache hierarchies | 2004
Jack W. Davidson; Clark L. Coleman