HEALERS (HEALers Enhanced Reliability and Security)

Christof Fetzer, Zhen Xiao

Overview

As our reliance on software increases, so does the need to evaluate and enhance the robustness and security of that software. HEALERS is a software toolkit for increasing the reliability and security of existing and new applications. It automatically generates wrappers for shared libraries that evaluate and/or enhance the robustness of the applications using them. To generate robustness and security wrappers, HEALERS first runs automatic fault-injection experiments against each library function and derives the wrapper's checks from the results. The resulting wrappers prevent heap buffer overflows caused by library functions and detect buffer overflows caused by other functions.

Detection of Buffer Overflow Attacks

Buffer overflow attacks are a major cause of security breaches in modern operating systems. A malicious user may be able to hijack the control flow of a root-privileged program by overwriting a shell script or a function pointer stored on the heap. We developed a security wrapper that provides effective and efficient protection against heap buffer overflows caused by library functions and effective detection of overflows caused by non-library functions. The wrapper intercepts every call to a shared-library function that can write to the heap and performs careful boundary checks against the bounds of the destination heap block before it calls the original function; the bounds themselves are known because the wrapper also sees the heap allocation calls. The method is transparent to existing programs and requires neither source code modification nor recompilation. Because it works by intercepting calls to shared libraries, it does not cover statically linked code or library functions that the compiler has inlined.
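The two mechanisms described above, prevention by boundary checks in a library wrapper and detection of overflows by other code, as an added, self-contained example in C. This is illustrative code written for this page, not the HEALERS implementation: the program's heap allocations are assumed to go through tracked_malloc/tracked_free so that the example runs stand-alone (HEALERS intercepts the real allocation functions through the dynamic linker), the guard bytes after each block and the checked_strcpy wrapper are this example's own design, and destinations that are not tracked heap blocks are simply refused.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BLOCKS 64
#define CANARY_LEN 8
#define CANARY_BYTE 0xA5   /* guard pattern written just past each user region (example design) */

struct block { unsigned char *base; size_t size; };
static struct block blocks[MAX_BLOCKS];
static size_t nblocks;

/* Allocation wrapper: reserve the user region plus a guard and record the bounds.
 * Stands in for the interposed malloc that a real wrapper would see. */
void *tracked_malloc(size_t size)
{
    if (nblocks == MAX_BLOCKS) return NULL;
    unsigned char *p = malloc(size + CANARY_LEN);
    if (p == NULL) return NULL;
    memset(p + size, CANARY_BYTE, CANARY_LEN);
    blocks[nblocks].base = p;
    blocks[nblocks].size = size;
    nblocks++;
    return p;
}

/* Forget the block's bounds and release it. */
void tracked_free(void *ptr)
{
    for (size_t i = 0; i < nblocks; i++) {
        if (blocks[i].base == ptr) {
            blocks[i] = blocks[--nblocks];
            free(ptr);
            return;
        }
    }
}

/* The tracked block containing ptr, or NULL if ptr is not on the tracked heap. */
static struct block *find_block(const void *ptr)
{
    const unsigned char *q = ptr;
    for (size_t i = 0; i < nblocks; i++)
        if (q >= blocks[i].base && q < blocks[i].base + blocks[i].size)
            return &blocks[i];
    return NULL;
}

/* Bytes available from ptr to the end of its block (0 if ptr is untracked). */
size_t heap_space_left(const void *ptr)
{
    struct block *b = find_block(ptr);
    return b ? b->size - (size_t)((const unsigned char *)ptr - b->base) : 0;
}

/* Detection: 1 if the guard after ptr's block is untouched, 0 if it was overwritten
 * by code that bypassed the wrappers, or if ptr is not a tracked block. */
int heap_canary_intact(const void *ptr)
{
    struct block *b = find_block(ptr);
    if (b == NULL) return 0;
    for (size_t i = 0; i < CANARY_LEN; i++)
        if (b->base[b->size + i] != CANARY_BYTE) return 0;
    return 1;
}

/* Security wrapper for strcpy. Returns 0 when the copy was done, -1 when it was refused
 * because it would overflow (or dst is not a tracked heap block), and -2 when an earlier
 * overflow by non-library code is detected through the guard. */
int checked_strcpy(char *dst, const char *src)
{
    if (dst == NULL || src == NULL) return -1;
    if (find_block(dst) == NULL) return -1;   /* conservative: this example handles heap dst only */
    if (!heap_canary_intact(dst)) return -2;
    if (strlen(src) + 1 > heap_space_left(dst)) return -1;
    strcpy(dst, src);                         /* original library function, only after the checks */
    return 0;
}

int main(void)
{
    char *buf = tracked_malloc(16);
    printf("short copy: %d\n", checked_strcpy(buf, "hello"));
    printf("overlong copy: %d\n", checked_strcpy(buf, "this string does not fit in 16 bytes"));
    buf[16] = 'X';   /* simulate an overflow by a non-library write into the guard */
    printf("after foreign overflow: %d\n", checked_strcpy(buf, "hi"));
    tracked_free(buf);
    return 0;
}
```

The refused copy leaves the destination untouched, which is the point of checking before calling the original function rather than after. The guard check only detects an overflow that has already happened and only when the next wrapped call touches that block, so it is detection, not prevention, exactly as the text distinguishes.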

Automatic Wrapping of Libraries

HEALERS permits fully automatic or semi-automatic generation of robustness/security wrappers for shared libraries. To support both, HEALERS uses a two-phase process. In the first phase, the system extracts the type information for all global functions of a library from header files and man pages. For each function, HEALERS uses this type information to generate a fault injector. The fault injector bombards the function with an adaptive sequence of test cases to determine, for each argument, the weakest argument type (the least restrictive precondition) that still prevents the function from crashing. This automatically derived type information can be extended manually with assertions and additional type information to further increase robustness/security.

Given the type information derived in the first phase, HEALERS can then generate a variety of wrappers, e.g., retry wrappers, robustness wrappers, and security wrappers. It can also merge different types of wrappers into one single wrapper. A robustness/security wrapper checks that the arguments of the function have the correct type before calling the original function. This checking prevents buffer overflows and robustness violations with a minimal overhead (2% to 20%). We evaluated our robustness wrappers with the Ballista robustness-testing suite: HEALERS-generated robustness wrappers prevent all crash, hang, and abort failures that Ballista had previously discovered.
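The two phases described in this section, fault injection to find the weakest argument type a function tolerates and a generated wrapper that enforces that type before calling the original function, as an added example in C. It is written for this page and is not HEALERS' tooling: the argument classes (any pointer, non-NULL pointer, readable string), the choice of probe values, the use of fork() to isolate each test case, and the pipe-based readability check in the wrapper are this example's own assumptions; it targets functions taking a single const char * and assumes a POSIX system.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

typedef size_t (*str_fn)(const char *);

/* Argument classes from weakest to strongest (example's own lattice). The injector
 * looks for the weakest class whose representative value does not crash the function. */
enum arg_class { ARG_ANY = 0, ARG_NONNULL = 1, ARG_READABLE = 2 };

/* A "worst case" value that satisfies class c but nothing stronger. */
const char *representative(enum arg_class c)
{
    static const char *unreadable;   /* non-NULL pointer into a PROT_NONE page */
    switch (c) {
    case ARG_ANY:
        return NULL;
    case ARG_NONNULL:
        if (unreadable == NULL) {
            void *p = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
            unreadable = (p == MAP_FAILED) ? NULL : p;
        }
        return unreadable;
    default:
        return "";                   /* readable and NUL-terminated */
    }
}

/* Run f(arg) in a forked child so a crash cannot take down the injector.
 * Returns 1 if the child died by a signal, 0 if it returned, -1 on fork/wait failure. */
static int crashes(str_fn f, const char *arg)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        volatile str_fn vf = f;      /* opaque call: keeps the compiler from folding f(NULL) */
        vf(arg);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? 1 : 0;
}

/* Phase 1: fault injection. Walk the classes from weakest to strongest and stop at the
 * first whose representative the function survives. */
enum arg_class derive_requirement(str_fn f)
{
    for (int c = ARG_ANY; c < ARG_READABLE; c++) {
        const char *v = representative((enum arg_class)c);
        if (c == ARG_NONNULL && v == NULL) continue;   /* probe page unavailable: skip */
        if (crashes(f, v) == 0) return (enum arg_class)c;
    }
    return ARG_READABLE;
}

/* Readability probe that cannot crash: write() one byte from p into a pipe. If p is not
 * readable the kernel reports EFAULT instead of faulting the process. Checks only the
 * first byte; a full C-string check would walk page by page to the terminator. */
static int readable_byte(const char *p)
{
    int fds[2];
    if (pipe(fds) < 0) return 0;
    int ok = write(fds[1], p, 1) == 1;
    if (ok) {
        char c;
        ok = read(fds[0], &c, 1) == 1;   /* drain the byte we just wrote */
    }
    close(fds[0]);
    close(fds[1]);
    return ok;
}

/* Phase 2: the generated wrapper. Enforce the derived class, then call the original.
 * Returns -1 if the argument would have crashed the function, else the function's result. */
long robust_call(str_fn f, enum arg_class required, const char *arg)
{
    if (required >= ARG_NONNULL && arg == NULL) return -1;
    if (required >= ARG_READABLE && !readable_byte(arg)) return -1;
    return (long)f(arg);
}

/* A function that never dereferences its argument, to show a weaker derived class. */
size_t never_deref(const char *s) { return s == NULL ? 0 : 1; }

int main(void)
{
    printf("strlen requires class %d\n", (int)derive_requirement(strlen));
    printf("never_deref requires class %d\n", (int)derive_requirement(never_deref));
    printf("robust strlen(NULL) -> %ld\n", robust_call(strlen, ARG_READABLE, NULL));
    return 0;
}
```

Each probe runs in its own child process, so a crash is observed as a signal rather than ending the experiment; the derived class for strlen ends up as "readable", and the generated wrapper turns the calls that would have crashed into an error return, which is the robustness-wrapper behaviour the text describes.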

Copyright Zhen Xiao 2001-2006. All rights reserved.