English

Context-aware Failure-oblivious Computing as a Means of Preventing Buffer Overflows

Cryptography and Security 2018-11-26 v3

Abstract

In languages like C, buffer overflows are widespread. A common mitigation technique is to use tools that detect them during execution and abort the program to prevent the leakage of data or the diversion of control flow. However, for server applications, it would be desirable to prevent such errors while maintaining availability of the system. To this end, we present an approach to handle buffer overflows without aborting the program. This approach involves implementing a continuation logic in library functions based on an introspection function that allows querying the size of a buffer. We demonstrate that introspection can be implemented in popular bug-finding and bug-mitigation tools such as LLVM's AddressSanitizer, SoftBound, and Intel-MPX-based bounds checking. We evaluated our approach in a case study of real-world bugs and show that for tools that explicitly track bounds data, introspection results in a low performance overhead.

Keywords

Cite

@article{arxiv.1806.09026,
  title  = {Context-aware Failure-oblivious Computing as a Means of Preventing Buffer Overflows},
  author = {Manuel Rigger and Daniel Pekarek and Hanspeter Mössenböck},
  journal= {arXiv preprint arXiv:1806.09026},
  year   = {2018}
}

Comments

Accepted at the 12th International Conference on Network and System Security

R2 v1 2026-06-23T02:39:29.437Z