
dc.contributor.advisor: Lee, Wenke
dc.contributor.advisor: Kim, Taesoo
dc.contributor.author: Lee, Byoungyoung
dc.date.accessioned: 2017-08-17T18:57:24Z
dc.date.available: 2017-08-17T18:57:24Z
dc.date.created: 2016-08
dc.date.issued: 2016-08-01
dc.date.submitted: August 2016
dc.identifier.uri: http://hdl.handle.net/1853/58603
dc.description.abstract: There have been tremendous efforts to build fully secure computer systems, but it is not an easy goal. Making a simple mistake introduces a vulnerability, which can critically endanger a whole system's security. This thesis aims at protecting computer systems from vulnerabilities. We take two complementary approaches in achieving this goal, eliminating or analyzing vulnerabilities. In the vulnerability elimination approach, we eliminate a certain class of memory corruption vulnerabilities to completely close attack vectors from such vulnerabilities. In particular, we develop the tools DangNull and CaVer, each of which eliminates popular and emerging vulnerabilities, use-after-free and bad-casting, respectively. DangNull relies on the key observation that the root cause of use-after-free is that pointers are not nullified after the target object is freed. Thus, DangNull instruments a program to trace the object's relationships via pointers and automatically nullifies all pointers when the target object is freed. Similarly, CaVer relies on the key observation that the root cause of bad-casting is that casting operations are not properly verified. Thus, CaVer uses a new runtime type tracing mechanism to overcome the limitation of existing approaches, and performs efficient verification on all type casting operations dynamically. We have implemented these protection solutions and successfully applied them to Chrome and Firefox browsers. Our evaluation showed that DangNull and CaVer impose 29% and 7.6% benchmark overheads in Chrome, respectively. We have also tested seven use-after-free and five bad-casting exploits in Chrome, and DangNull and CaVer safely prevented them all. In the vulnerability analysis approach, we focus on a timing-channel vulnerability which allows an attacker to learn information about a program's sensitive data without causing a program to perform unsafe operations. It is challenging to test and further confirm the timing-channel vulnerability as it typically involves complex algorithmic operations. We implemented SideFinder, an assistant tool identifying timing-channel vulnerabilities in a hash table. Empowered with symbolic execution techniques, SideFinder semi-automatically synthesizes inputs attacking timing-channels, and thus confirms the vulnerability. Using SideFinder, we analyzed and further synthesized two real-world attacks in the Linux kernel, and showed it can break one important security mechanism, Address Space Layout Randomization (ASLR).
dc.format.mimetype: application/pdf
dc.publisher: Georgia Institute of Technology
dc.subject: Security
dc.subject: Vulnerability
dc.subject: Use after free
dc.subject: Bad casting
dc.subject: Timing channel
dc.title: Protecting computer systems through eliminating or analyzing vulnerabilities
dc.type: Dissertation
dc.description.degree: Ph.D.
dc.contributor.department: Computer Science
thesis.degree.level: Doctoral
dc.contributor.committeeMember: Harris, William R.
dc.contributor.committeeMember: Orso, Alessandro
dc.contributor.committeeMember: Cui, Weidong
dc.date.updated: 2017-08-17T18:57:24Z

