Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

A Program Manipulation Middleware and Its Applications on System Security

  • @INPROCEEDINGS{10.1007/978-3-319-78813-5_31,
        author={Ting Chen and Yang Xu and Xiaosong Zhang},
        title={A Program Manipulation Middleware and Its Applications on System Security},
        proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM},
        year={2018},
        month={4},
        keywords={Program manipulation middleware System security Unified programming interface Portable applications},
        doi={10.1007/978-3-319-78813-5_31}
    }
    
  • Ting Chen
    Yang Xu
    Xiaosong Zhang
    Year: 2018
    A Program Manipulation Middleware and Its Applications on System Security
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-78813-5_31
Ting Chen1,*, Yang Xu1,*, Xiaosong Zhang1,*
  • 1: University of Electronic Science and Technology of China
*Contact email: chenting19870201@163.com, 18215522740@163.com, brokendragon@uestc.edu.cn

Abstract

A typical program analysis workflow heavily relies on Program Manipulation Software (PMS), incurring a high learning curve and changing to another PMS requires completely recoding. This work designs a middleware, that sits between the applications and the PMS, hides the differences of various PMS, and provides a unified programming interface. Based on the middleware, programmers can develop portable applications without learning the PMS, thereby reducing the learning and programming efforts. The current implementation of the middleware integrates Dyninst (static analysis) and Pin (dynamic analysis). Moreover, we develop five security applications, aiming to prevent systems from stack overflow, heap corruption, memory allocation/deallocation flaws, invocations of dangerous functions, and division-by-zero bugs. Experiments also show that the middleware incurs small space & runtime overhead, and no false positives. Furthermore, the applications developed on the middleware require much less code, negligible runtime overhead, compared with the applications developed directly on Dyninst and Pin.