Research Article
A Program Manipulation Middleware and Its Applications on System Security
@INPROCEEDINGS{10.1007/978-3-319-78813-5_31, author={Ting Chen and Yang Xu and Xiaosong Zhang}, title={A Program Manipulation Middleware and Its Applications on System Security}, proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings}, proceedings_a={SECURECOMM}, year={2018}, month={4}, keywords={Program manipulation middleware System security Unified programming interface Portable applications}, doi={10.1007/978-3-319-78813-5_31} }- Ting Chen
Yang Xu
Xiaosong Zhang
Year: 2018
A Program Manipulation Middleware and Its Applications on System Security
SECURECOMM
Springer
DOI: 10.1007/978-3-319-78813-5_31
Abstract
A typical program analysis workflow heavily relies on Program Manipulation Software (PMS), incurring a high learning curve and changing to another PMS requires completely recoding. This work designs a middleware, that sits between the applications and the PMS, hides the differences of various PMS, and provides a unified programming interface. Based on the middleware, programmers can develop portable applications without learning the PMS, thereby reducing the learning and programming efforts. The current implementation of the middleware integrates Dyninst (static analysis) and Pin (dynamic analysis). Moreover, we develop five security applications, aiming to prevent systems from stack overflow, heap corruption, memory allocation/deallocation flaws, invocations of dangerous functions, and division-by-zero bugs. Experiments also show that the middleware incurs small space & runtime overhead, and no false positives. Furthermore, the applications developed on the middleware require much less code, negligible runtime overhead, compared with the applications developed directly on Dyninst and Pin.