DOCSLIB.ORG

Inline and Sideline Approaches for Low-Cost Memory Safety in C

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Inline and Sideline Approaches for Low-Cost Memory Safety in C UCAM-CL-TR-954 Technical Report ISSN 1476-2986 Number 954 Computer Laboratory Inline and sideline approaches for low-cost memory safety in C Myoung Jin Nam February 2021 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 https://www.cl.cam.ac.uk/ c 2021 Myoung Jin Nam This technical report is based on a dissertation submitted November 2020 by the author for the degree of Doctor of Philosophy to the University of Cambridge, Selwyn College. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: https://www.cl.cam.ac.uk/techreports/ ISSN 1476-2986 Inline and Sideline Approaches for Low-cost Memory Safety in C Myoung Jin Nam System languages such as C or C++ are widely used for their high performance, however the allowance of arbitrary pointer arithmetic and typecast introduces a risk of memory corruptions. These memory errors cause unexpected termination of pro- grams, or even worse, attackers can exploit them to alter the behavior of programs or leak crucial data. Despite advances in memory safety solutions, high and unpredictable overhead remains a major challenge. Accepting that it is extremely difficult to achieve com- plete memory safety with the performance level suitable for production deployment, researchers attempt to strike a balance between performance, detection coverage, in- teroperability, precision, and detection timing. Some properties are much more desir- able, e.g. the interoperability with pre-compiled libraries. Comparatively less critical properties are sacrificed for performance, for example, tolerating longer detection de- lay or narrowing down detection coverage by performing approximate or probabilistic checking or detecting only certain errors. Modern solutions compete for performance. The performance matrix of memory safety solutions has two major assessment crite- ria – run-time and memory overheads. Researchers trade-off and balance performance metrics depending on its purpose or placement. Many of them tolerate the increase in memory use for better speed, since memory safety enforcement is more desirable for troubleshooting or testing during development, where a memory resource is not the main issue. Run-time overhead, considered more critical, is impacted by cache misses, dynamic instructions, DRAM row activations, branch predictions and other factors. This research proposes, implements, and evaluates MIU: Memory Integrity Utilities containing three solutions – MemPatrol, FRAMER and spaceMiu. MIU suggests new techniques for practical deployment of memory safety by exploiting free resources with the following focuses: (1) achieving memory safety with overhead < 1% by using concurrency and trading off prompt detection and coverage; but yet providing eventual detection by a monitor isolation design of an in-register monitor process and the use of AES instructions (2) complete memory safety with near-zero false negatives focusing on eliminating overhead, that hardware support cannot resolve, by using a new tagged-pointer representation utilising the top unused bits of a pointer. Acknowledgments First of all, the completion of my PhD would not have been possible without all the support of my supervisor Dr. David J. Greaves. I would like to express my gratitude for his support, advice, and patience. I would like to extend my gratitude to my examiners, Prof. Jon Crowcroft and Prof. Alastair F. Donaldson at Imperial College London, for sharing their valuable ideas and filling the viva with kindness. My sincere thanks also go to Prof. Lawrence C. Paulson, Prof. Byron Cook at University College London, and Dr. Sean B. Holden for their constant encouragement and help. I am indebted to Dr. Periklis Akritidis at Niometrics for his insightful guidance, support, and profound belief in my work and me, along with constructive criticism that pushed me to become a better version of myself. My gratitude extends to Dr. Stephen Kell at University of Kent, Prof. Guy Lemieux at University of British Columbia, Prof. Jin-Young Choi at Korea University, Prof. Wonhong Nam at KonKuk University, Christos Rikoudis at Niometrics, and Dr. Matt Staats at Google for their support and helpful advice that improved my work. I gratefully acknowledge the funding from the Research Foundation of Korea. I would like to thank my former lab mates from the Networks and Operating Sys- tems Group and Automated Reasoning Group and friends for their company and care that made my life in Cambridge a wonderful time, especially (I will omit titles of ’Dr’ from this point. Sorry, Doctors!) – Julien Quintard, Martin A. Ruehl, Ce- cile Ritte, Bence Pasztor, Shu Yan Chan, Atif Alvi, Aisha Elsafty, Jordan Auge, Jean E. Martina, Damien Fay, Ilias Leontiadis, Charalampos Rotsos, Thomas Tuerk, Joon Woong Kim, Maria Rita Massaro, Foula Vagena, Mina Brimpari, Daniel Holland, Tony Coleby, Nicole Coleby, and Vassilis Laganakos. I am also thankful to dear friends for their company during my time in Seoul and Singapore – Hyunyoung Kil, Jeongeun Suh, So Jin Ahn, Nickos Ventouras, Miyoung Kang, Chong Yi, and many more. My deepest gratitude goes to my parents and two brothers for their support and everything. And finally, this thesis is dedicated to my dearest Miu – my little girl, my fur angel – in heaven. 5 Contents Abstract 3 Acknowledgements5 Table of contents9 List of figures 11 List of tables 13 1 Introduction 15 1.1 Contributions.................................. 17 2 Background 19 2.1 Memory Safety................................. 21 2.1.1 Spatial Memory Safety......................... 21 2.1.2 Temporal Memory Safety....................... 25 2.1.3 Architectural Support and Capability Model............ 26 2.2 Type Safety.................................... 29 2.3 Control-Flow Protection............................ 32 2.4 Concurrent Monitoring............................. 33 2.4.1 Monitor Isolation............................ 34 2.4.2 Kernel Integrity Monitors....................... 35 2.4.3 Cryptographic Key Protection.................... 35 3 Overview 37 3.1 FRAMER..................................... 37 3.2 spaceMiu..................................... 37 3.3 MemPatrol.................................... 38 4 FRAMER: A Tagged-Pointer Capability System with Memory Safety Appli- cations 39 4.1 Overview..................................... 39 4.2 FRAMER Approach.............................. 40 4.2.1 Frame Definitions........................... 41 4.2.2 Frame Selection............................. 42 4.2.3 Metadata Storage Management.................... 42 4.3 FRAMER Implementation........................... 46 4.3.1 Overview................................ 46 7 8 Contents 4.3.2 Memory Allocation Transformations................ 47 4.3.3 Memory Access............................. 48 4.3.4 Interoperability............................. 49 4.4 FRAMER Applications............................. 49 4.4.1 Spatial Memory Safety......................... 49 4.4.2 Temporal Memory Safety....................... 52 4.5 Optimisations.................................. 52 4.6 Evaluation.................................... 53 4.6.1 Memory Overhead........................... 54 4.6.2 Slowdown................................ 55 4.6.3 Data Cache Misses........................... 57 4.6.4 Instructions Executed......................... 58 4.6.5 Branch Misses.............................. 59 4.7 Discussion.................................... 60 4.7.1 Comparison with Other Approaches................ 60 4.7.2 Hardware Implementation of FRAMER............... 60 4.7.3 Additional Optimisations....................... 61 4.8 Conclusion.................................... 61 5 SpaceMiu: Practical Type Safety for C 63 5.1 Overview..................................... 63 5.2 Types and Type Relations........................... 64 5.2.1 Type Representation.......................... 64 5.2.2 Physical Equality............................ 65 5.2.3 Physical Sub-typing and Type Relation............... 66 5.3 Run-Time Typecast Checking......................... 66 5.3.1 Object-to-type Mapping........................ 68 5.3.2 Per-object Metadata Management and Pointer-to-Type Mapping 69 5.3.3 Type Confusion Checking....................... 70 5.4 Union Type................................... 71 5.5 spaceMiu Implementation........................... 73 5.5.1 Creation of Type Descriptors..................... 74 5.5.2 Program Initialisation......................... 74 5.5.3 Memory Allocation........................... 74 5.5.4 Type Cast................................ 76 5.5.5 Memory Access............................. 76 5.5.6 String Functions............................ 76 5.6 Evaluation.................................... 76 5.6.1 Memory Overheads.......................... 77 5.6.2 Slowdown................................ 78 5.6.3 Executed Instructions......................... 79 5.6.4 L1 D-cache Misses........................... 80 5.6.5 Branch Prediction............................ 80 5.7 Discussion.................................... 81 5.7.1 Effective Type Detection for Heap Objects............. 81 5.7.2 String Functions and Effective Type................. 81 Contents 9 5.7.3 Aliasing Rules.............................. 82 5.7.4 Per-object Metadata Placement.................... 82 5.8 Conclusion.................................... 83 6 MemPatrol: Reliable Sideline Integrity Monitoring for High-Performance Systems 85 6.1 Overview..................................... 85 6.2 Threat Model.................................
Load more

Recommended publications
  • Security Analysis of Docker Containers in a Production Environment
    Security analysis of Docker containers in a production environment Jon-Anders Kabbe Master of Science in Communication Technology Submission date: June 2017 Supervisor: Colin Alexander Boyd, IIK Co-supervisor: Audun Bjørkøy, TIND Technologies Norwegian University of Science and Technology Department of Information Security and Communication Technology Title: Security Analysis of Docker Containers in a Production Environment Student: Jon-Anders Kabbe Problem description: Deployment of Docker containers has achieved its popularity by providing an au- tomatable and stable environment serving a particular application. Docker creates a separate image of a file system with everything the application require during runtime. Containers run atop the regular file system as separate units containing only libraries and tools that particular application require. Docker containers reduce the attack surface, improves process interaction and sim- plifies sandboxing. But containers also raise security concerns, reduced segregation between the operating system and application, out of date or variations in libraries and tools and is still an unsettled technology. Docker containers provide a stable and static environment for applications; this is achieved by creating a static image of only libraries and tools the specific application needs during runtime. Out of date tools and libraries are a major security risk when exposing applications over the Internet, but availability is essential in a competitive market. Does Docker raise some security concerns compared to standard application deploy- ment such as hypervisor-based virtual machines? Is the Docker “best practices” sufficient to secure the container and how does this compare to traditional virtual machine application deployment? Responsible professor: Colin Alexander Boyd, ITEM Supervisor: Audun Bjørkøy, TIND Technologies Abstract Container technology for hosting applications on the web is gaining traction as the preferred mode of deployment.
    [Show full text]
  • Firecracker: Lightweight Virtualization for Serverless Applications
    Firecracker: Lightweight Virtualization for Serverless Applications Alexandru Agache, Marc Brooker, Andreea Florescu, Alexandra Iordache, Anthony Liguori, Rolf Neugebauer, Phil Piwonka, and Diana-Maria Popa, Amazon Web Services https://www.usenix.org/conference/nsdi20/presentation/agache This paper is included in the Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’20) February 25–27, 2020 • Santa Clara, CA, USA 978-1-939133-13-7 Open access to the Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’20) is sponsored by Firecracker: Lightweight Virtualization for Serverless Applications Alexandru Agache Marc Brooker Andreea Florescu Amazon Web Services Amazon Web Services Amazon Web Services Alexandra Iordache Anthony Liguori Rolf Neugebauer Amazon Web Services Amazon Web Services Amazon Web Services Phil Piwonka Diana-Maria Popa Amazon Web Services Amazon Web Services Abstract vantage over traditional server provisioning processes: mul- titenancy allows servers to be shared across a large num- Serverless containers and functions are widely used for de- ber of workloads, and the ability to provision new func- ploying and managing software in the cloud. Their popularity tions and containers in milliseconds allows capacity to be is due to reduced cost of operations, improved utilization of switched between workloads quickly as demand changes. hardware, and faster scaling than traditional deployment meth- Serverless is also attracting the attention of the research com- ods. The economics and scale of serverless applications de- munity [21,26,27,44,47], including work on scaling out video mand that workloads from multiple customers run on the same encoding [13], linear algebra [20, 53] and parallel compila- hardware with minimal overhead, while preserving strong se- tion [12].
    [Show full text]
  • Protecting the Stack with Metadata Policies and Tagged Hardware
    2018 IEEE Symposium on Security and Privacy Protecting the Stack with Metadata Policies and Tagged Hardware Nick Roessler Andre´ DeHon University of Pennsylvania University of Pennsylvania [email protected] [email protected] Abstract—The program call stack is a major source of ex- stack data, or hijack the exposed function call mechanism in ploitable security vulnerabilities in low-level, unsafe languages a host of other malicious ways. like C. In conventional runtime implementations, the underlying Consequently, protecting the stack abstraction is critical stack data is exposed and unprotected, allowing programming errors to turn into security violations. In this work, we design for application security. Currently deployed defenses such as W X and stack canaries [2] make attacks more difficult to novel metadata-tag based, stack-protection security policies for ⊕ a general-purpose tagged architecture. Our policies specifically conduct, but do not protect against more sophisticated attack exploit the natural locality of dynamic program call graphs to techniques. Full memory safety can be retrofitted onto existing achieve cacheability of the metadata rules that they require. C/C++ code through added software checks, but at a high cost Our simple Return Address Protection policy has a performance overhead of 1.2% but just protects return addresses. The two of 100% or more in runtime overhead [3]. These expensive richer policies we present, Static Authorities and Depth Isola- solutions are unused in practice due to their unacceptably high tion, provide object-level protection for all stack objects. When overheads [4]. enforcing memory safety, our Static Authorities policy has a There is a long history of accelerating security policies with performance overhead of 5.7% and our Depth Isolation policy hardware to bring their overheads to more bearable levels has a performance overhead of 4.5%.
    [Show full text]
  • A Reliable Booting System for Zynq Ultrascale+ Mpsoc Devices
    A reliable booting system for Zynq Ultrascale+ MPSoC devices An embedded solution that provides fallbacks in different parts of the Zynq MPSoC booting process, to assure successful booting into a Linux operating system. A thesis presented for the Bachelor of Science in Electrical Engineering at the University of Applied Sciences Utrecht Name Nekija Dˇzemaili Student ID 1702168 University supervisor Corn´eDuiser CERN supervisors Marc Dobson & Petr Zejdlˇ Field of study Electrical Engineering (embedded systems) CERN-THESIS-2021-031 17/03/2021 February 15th, 2021 Geneva, Switzerland A reliable booting system for Zynq Ultrascale+ MPSoC devices Disclaimer The board of the foundation HU University of Applied Sciences in Utrecht does not accept any form of liability for damage resulting from usage of data, resources, methods, or procedures as described in this report. Duplication without consent of the author or the college is not permitted. If the graduation assignment is executed within a company, explicit consent of the company is necessary for duplication or copying of text from this report. Het bestuur van de Stichting Hogeschool Utrecht te Utrecht aanvaardt geen enkele aansprakelijkheid voor schade voortvloeiende uit het gebruik van enig gegeven, hulpmiddel, werkwijze of procedure in dit verslag beschreven. Vermenigvuldiging zonder toestemming van de auteur(s) en de school is niet toegestaan. Indien het afstudeerwerk in een bedrijf is verricht, is voor vermenigvuldiging of overname van tekst uit dit verslag eveneens toestemming van het bedrijf vereist. N. Dˇzemaili page 1 of 110 A reliable booting system for Zynq Ultrascale+ MPSoC devices Preface This thesis was written for the BSc Electrical Engineering degree of the HU University of Applied Sciences Utrecht, the Netherlands.
    [Show full text]
  • SAS RAID Controllers for Linux on the M6-700 Or M7-700
    SAS RAID controllers for Linux on the M6-700 or M7-700 ESCALA Power7 REFERENCE 86 A1 65FF 01 ESCALA Power7 SAS RAID controllers for Linux on the M6-700 or M7-700 This publication concerns the following models: - Bull Escala E5-700 (Power 750 / 8233-E8B) - Bull Escala M6-700 (Power 770 / 9117-MMB) - Bull Escala M7-700 (Power 780 / 9179-MHB) - Bull Escala E1-700 (Power 710 / 8231-E2B) - Bull Escala E2-700 / E2-700T (Power 720 / 8202-E4B) - Bull Escala E3-700 (Power 730 / 8231-E2B) - Bull Escala E4-700 / E4-700T (Power 740 / 8205-E6B) References to Power 755 / 8236-E8C models are irrelevant. Hardware September 2010 BULL CEDOC 357 AVENUE PATTON B.P.20845 49008 ANGERS CEDEX 01 FRANCE REFERENCE 86 A1 65FF 01 The following copyright notice protects this book under Copyright laws which prohibit such actions as, but not limited to, copying, distributing, modifying, and making derivative works. Copyright Bull SAS 2007-2010 Printed in France Suggestions and criticisms concerning the form, content, and presentation of this book are invited. A form is provided at the end of this book for this purpose. To order additional copies of this book or other Bull Technical Publications, you are invited to use the Ordering Form also provided at the end of this book. Trademarks and Acknowledgements We acknowledge the right of proprietors of trademarks mentioned in this book. The information in this document is subject to change without notice. Bull will not be liable for errors contained herein, or for incidental or consequential damages in connection with the use of this material.
    [Show full text]
  • In-Fat Pointer: Hardware-Assisted Tagged-Pointer Spatial Memory Safety Defense with Subobject Granularity Protection
    In-Fat Pointer: Hardware-Assisted Tagged-Pointer Spatial Memory Safety Defense with Subobject Granularity Protection Shengjie Xu Wei Huang David Lie [email protected] [email protected] [email protected] University of Toronto University of Toronto University of Toronto Canada Canada Canada ABSTRACT 1 INTRODUCTION Programming languages like C and C++ are not memory-safe be- Memory corruption vulnerabilities in programs written in non- cause they provide programmers with low-level pointer manipu- memory-safe programming languages like C and C++ have been lation primitives. The incorrect use of these primitives can result a research focus for more than a decade [40]. When a pointer is in bugs and security vulnerabilities: for example, spatial memory dereferenced, errors, causing memory-safety violations, can result safety errors can be caused by dereferencing pointers outside the in the unintended disclosure or corruption of memory. Such errors legitimate address range belonging to the corresponding object. are a powerful primitive for attackers to mount further attacks, While a range of schemes to provide protection against these vul- such as code reuse attacks [34] and data-only attacks [18]. Memory- nerabilities have been proposed, they all suffer from the lack of one safety violations usually result from spatial memory errors, where or more of low performance overhead, compatibility with legacy incorrect pointer arithmetic causes an address to point outside the code, or comprehensive protection for all objects and subobjects. intended memory range when it is dereferenced. We present In-Fat Pointer, the first hardware-assisted defense To detect all spatial memory errors, the value of the pointer that can achieve spatial memory safety at subobject granularity must be checked against pointer bounds, which are metadata that while maintaining compatibility with legacy code and low over- describes the memory range over which the pointer may safely head.
    [Show full text]
  • Optimistic Compiler Optimizations for Network Systems Sapan Bhatia
    Optimistic compiler optimizations for network systems Sapan Bhatia To cite this version: Sapan Bhatia. Optimistic compiler optimizations for network systems. Software Engineering [cs.SE]. Université Sciences et Technologies - Bordeaux I, 2006. English. tel-00402492 HAL Id: tel-00402492 https://tel.archives-ouvertes.fr/tel-00402492 Submitted on 7 Jul 2009 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. i Ecole´ doctorale de Math´ematiques et Informatique de Bordeaux/No. d’ordre 3169 Optimisations de Compilateur Optimistes pour les Syst`emes R´eseaux (Optimistic compiler optimizations for network systems) THESE` pr´esent´ee et soutenue publiquement le 9 Juin 2006 pour l’obtention du Doctorat de l’universit´ede Bordeaux 1 (sp´ecialit´einformatique) par Sapan Bhatia Composition du jury Pr´esident : Raymond Namyst (Professeur) Rapporteurs : Gilles Muller (Professeur) Marc Shapiro (Directeur de recherche) Directeur de th`ese: Charles Consel (Professeur) Laboratoire Bordelais de Recherche en Informatique ii iii This thesis is dedicated to you, the reader. iv Contents List of Figures viii 1 Introduction 1 1.1 Overview: optimizations and system architecture ........... 2 1.2 Contributions ............................... 3 1.2.1 Protocol-stack specialization ................... 4 1.2.2 Remote specialization ......................
    [Show full text]
  • 2018 NSFOCUS Technical Report on Container Security NSFOCUS Star Cloud Laboratory
    01010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101 2018 NSFOCUS Technical Report on Container Security NSFOCUS Star Cloud Laboratory © 2018 NSFOCUS About NSFOCUS NSFOCUS is an iconic internet and application security company with over 18 years of proven industry experience. Today, we are operating globally with 2000+ employees at two headquarters in Beijing, China and 40+ offices worldwide including the IBD HQ in Santa Clara, CA, USA. NSFOCUS protects four of the ten largest global telecommunications companies and four of the five largest global financial institutions. With its multi-tenant and distributed cloud security platform, NSFOCUS effectively moves security into the internet backbone by: operating in data centers around the world, enabling organizations to fully leverage the promise of cloud computing, providing unparalleled and uncompromising protection and performance, and empowering our partners to provide better security as a service in a smart and simple way. NSFOCUS delivers holistic, carrier-grade, hybrid DDoS and web security powered by industry leading threat intelligence. About NeuVector NeuVector is the first company to develop Docker/Kubernetes security products. It is the leader in container network security and delivers the first and only multivector container security platform. NeuVector has committed to guaranteeing the security of enterprise-level container platforms, with its products applicable to cloud, multi-cloud, and
    [Show full text]
  • Fast and Generic Metadata Management with Mid-Fat Pointers
    Fast and Generic Metadata Management with Mid-Fat Pointers ∗ ∗ Taddeus Kroes Koen Koning [email protected] [email protected] Cristiano Giuffrida Herbert Bos Erik van der Kouwe [email protected] [email protected] [email protected] Vrije Universiteit Amsterdam ABSTRACT there is an increasing need for generic and composable de- Object metadata management schemes are a fundamental fense frameworks, which can combine multiple defenses but building block in many modern defenses and significantly disable others to tune the performance-security trade-off affect the overall run-time overhead of a software harden- according to the deployment requirements [23]. Second, we ing solution. To support fast metadata lookup, many meta- need fast pointer-to-object metadata lookup schemes to em- data management schemes embed metadata tags directly in- power such frameworks [12]. A promising strategy to design side pointers. However, existing schemes using such tagged such schemes efficiently is to embed tags inside pointers. pointers either provide poor compatibility or restrict the Two tagged pointer schemes dominate the literature. Fat generality of the solution. pointers change the size and representation of pointers to In this paper, we propose mid-fat pointers to implement support arbitrary metadata tags [4, 14, 19]. This solution fast and generic metadata management while retaining most can support generic defenses with no restrictions, but it is of the compatibility benefits of existing schemes. The key plagued by compatibility problems since pointers radically idea is to use spare bits in a regular 64-bit pointer to encode change their format [6,7]. Low-fat pointers carefully place arbitrary metadata and piggyback on software fault isola- objects in the memory address space to implement the other tion (SFI) already employed by many modern defenses to extreme: no changes in pointer size and representation, and efficiently decode regular pointers at memory access time.
    [Show full text]
  • Maxsim: a Simulation Platform for Managed Applications
    R MaxSim: A Simulation Platform for Managed Applications Open-source: https://github.com/beehive-lab/MaxSim Andrey Rodchenko, Christos Kotselidis, Andy Nisbet, Antoniu Pop, Mikel Lujan Advanced Processor Technologies Group, School Of Computer Science, The University of Manchester Overview R ● What simulation platform for managed applications is needed and why? ● VM Selection Justification: Maxine VM ● Simulator Selection Justification: ZSim ● MaxSim: Overview and Features ● Use Cases: Characterization, Profiling, and HW/SW Co-design ● Conclusion 1 What simulation platform for managed R applications is needed and why? TIOBE Programming Community Index (March 2017) 1. Java 2. C 3. C++ 4. C# 5. Python 6. Visual Basic .NET 7. PHP 8. JavaScript 9. Delphi/Object Pascal 10. Swift Source: www.tiobe.com 25 20 ) % ( s 15 g n i t a 10 R 5 0 2002 2004 2006 2008 2010 2012 2014 2016 2 What simulation platform for managed R applications is needed and why? Specific Characteristics of Managed Applications // Example of a class. Memory class Foo { Stack Heap public long bar; 0x00 } obj:0xd0 // Source code example. 0x40 0xd0 CIP:0x80 { // Allocation site. ... Code Cache 0xd8 <reserved> Object obj = new Foo(); 0x78 0xe0 bar:0x00 ... // GC can happen. ... // Type introspection. 0x80 if (obj instanceof Foo) { Class - reference ... ... } Information - primitive } 0xb8 ● ● Distributed in the verifiable JIT compilation and bytecode format interpretation ● ● Automatic memory Object orientation and management associated metadata 3 What simulation platform for managed
    [Show full text]
  • Professional Linux Programming / Jon Masters, Richard Blum
    01_776130 ffirs.qxp 2/2/07 10:13 PM Page iii Professional Linux® Programming Jon Masters Richard Blum 01_776130 ffirs.qxp 2/2/07 10:13 PM Page ii 01_776130 ffirs.qxp 2/2/07 10:13 PM Page i Professional Linux® Programming 01_776130 ffirs.qxp 2/2/07 10:13 PM Page ii 01_776130 ffirs.qxp 2/2/07 10:13 PM Page iii Professional Linux® Programming Jon Masters Richard Blum 01_776130 ffirs.qxp 2/2/07 10:13 PM Page iv Professional Linux® Programming Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2007 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 Library of Congress Cataloging-in-Publication Data: Masters, Jon, 1981- Professional Linux programming / Jon Masters, Richard Blum. p. cm. Includes index. ISBN: 978-0-471-77613-0 (paper/website) 1. Linux. 2. Operating systems (Computers) I. Blum, Richard, 1962- II. Title. QA76.76.O63M37153 2007 005.4’32—dc22 2006102202 No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600.
    [Show full text]
  • Linux Kernel Security Overview
    Linux Kernel Security Overview Kernel Conference Australia Brisbane, 2009 James Morris [email protected] Introduction Historical Background ● Linux started out with traditional Unix security – Discretionary Access Control (DAC) ● Security has been enhanced, but is constrained by original Unix design, POSIX etc. ● Approach is continual retrofit of newer security schemes, rather than fundamental redesign “The first fact to face is that UNIX was not developed with security, in any realistic sense, in mind; this fact alone guarantees a vast number of holes.” Dennis Ritchie, “On the Security of UNIX”, 1979 DAC ● Simple and quite effective, but inadequate for modern environment: – Does not protect against flawed or malicious code ● Linux implementation stems from traditional Unix: – User and group IDs – User/group/other + read/write/execute – User controls own policy – Superuser can violate policy “It must be recognized that the mere notion of a super-user is a theoretical, and usually practical, blemish on any protection scheme.” Ibid. Extended DAC ● POSIX Capabilities (privileges) – Process-based since Linux kernel v2.2 ● Limited usefulness – File-based support relatively recent (v2.6.24) ● May help eliminate setuid root binaries ● Access Control Lists (ACLs) – Based on abandoned POSIX spec – Uses extended attributes API Linux Namespaces ● File system namespaces introduced in 2000, derived from Plan 9. – Not used much until mount propagation provided more flexibility (e.g. shared RO “/”) – Mounts private by default ● Syscalls unshare(2) and
    [Show full text]