SoK-Sanitizing-for-Security-%E8%AE%BA%E6%96%87%E7%BB%93%E6%9E%84%E6%A2%B3%E7%90%86/ #22
giscus[bot]
bot
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
SoK-Sanitizing-for-Security-%E8%AE%BA%E6%96%87%E7%BB%93%E6%9E%84%E6%A2%B3%E7%90%86/
Abstract
I. Inctrodcution
II. Exploit Mitigations vs. Sanitizers
III. Low-Level Vulnerabilities
A. Memory Safety Violations
(1) Spatial Safety Violatoins
(2) Temporal Safety Violations
B. Use of Uninitialized Variables
C. Pointer Type Errors
D. Variadic Function Misuse
E. Other Vulnerabilities
IV. Bug Finding Techiques
A. Memory Safety Violations
Location-based Access Checkers
Identity-based Access Checkers
(1) Spatial Memory Safety Violations
Red-zone Insertion
Guard Pages
Per-pointer Bounds Tracking
Per-object Bounds Tracking
(2) Temporal Memory Safety Violations
Reuse Delay
Lock-and-key
Dangling Pointer Tagging
B. Use of Uninitailized Variables
Uninitailized Memory Read Detection
Uninitialized Value Use Dectection
C. Pointer Type Errors
Pointer Casting Monitor
Pointer Use Monitor
D. Variadic Function Misuse
Dangerous Format String Detection
Argument Mismatch Detection
E. Other Vulnerabilities
V. Program Instumentation
A. Language-level Instrumentation
B. IR-level Instrumentation
C. Binary Instrumentation
D. Library Interposition
VI. Metadata Management
A. Object Metadata
Embedded Metadata
Direct-mapped Shadow
Multi-level Shadow
Custom Data Structure
B. Pointer Metadata
Fat Pointers
Tagged Pointers
Disjoint Metadata
C. Static Metadata
VII. Driving A Sanitizer
VIII. Analysis
A. False Positives
B. False Negatives
C. Incomplete Instrumentation
D. Tread Safety
E. Performance Overhead
F. Memory Overhead
IX. Deployment
A. Methodology
Popular Github repositories
Sanitizer web pages
Search trends
B. Findings
AddressSanitizer is the most widely adopted sanitizer
The adoption rate for other LLVM-based sanitizers is lower
C. Deployment Directions
X. Future Research And Development Directions
A. Type Error Detection
B. Improving Compatibility
C. Composing Sanitizers
D. Hardware Support
E. Kernel and Bare-Metal Support
XI. Conclusion
https://hcy-asleep.github.io/SoK-Sanitizing-for-Security-%E8%AE%BA%E6%96%87%E7%BB%93%E6%9E%84%E6%A2%B3%E7%90%86/
Beta Was this translation helpful? Give feedback.
All reactions