Reducing the Security Risks of C and C++ Programming Languages with Code Sanitizers
Uzunoglu, Fatih (2024-05-15)
This publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
Open access
The persistent address of the publication is:
https://urn.fi/URN:NBN:fi-fe2024052738772
Abstract
The C and C++ programming languages have characteristics that act like a double-edged sword. Direct access to memory lets programmers implement linked lists and perform pointer arithmetic, but it also allows buffer overflows. Likewise, the large number of undefined behaviors lets compilers optimize code to the fullest extent, but it also gives rise to serious vulnerabilities such as double free (i.e. trying to release a region of memory that has already been released). Code sanitizers, first introduced with the Address Sanitizer by Google in 2012, offer a flexible run-time mechanism for mitigating code weaknesses.
In this thesis, the major code sanitizers were tested on popular open-source software with regard to their effectiveness at finding bugs that have the potential to compromise security. It is also discussed whether they can be employed in production (release mode), and whether they can be an alternative to porting code to "secure" languages. It was found that code sanitizers can, in certain cases, be used in production to reduce the attack surface. Furthermore, it was found that if disk space is not scarce, Undefined Behavior Sanitizer can be used in production without a noticeable impact on performance or memory usage, even though the increase in program size it induces has the potential to spoil spatial locality for the CPU cache.
It should also be noted that during experimentation, Undefined Behavior Sanitizer found numerous undefined behaviors in Minetest, an open-source Minecraft clone. One notable undefined behavior was thought to cause behavioral divergence between Intel and ARM architectures, because a negative floating-point number was cast to an unsigned integer. The patches containing the fixes, which were merged into the upstream repositories, are included in this thesis.
The research conducted for this thesis suggests that the use of code sanitizers need not be limited to debugging sessions, as they are shown to be effective in eliminating the top Common Weakness Enumeration (CWE™) entries while incurring a modest overhead. The tests done on popular projects and real-world scenarios indicate that code sanitizers deserve more attention from software developers.