CUP: Comprehensive User-Space Protection for C/C++
This addresses memory corruption vulnerabilities for C/C++ developers and users, offering a more reliable protection mechanism, though it is incremental in improving existing sanitizer approaches.
The paper tackles the problem of incomplete memory safety coverage in C/C++ applications by introducing CUP, an LLVM sanitizer that provides comprehensive spatial and probabilistic temporal memory safety, reducing false negatives by 10x to 0.1% compared to state-of-the-art tools and eliminating false positives.
Memory corruption vulnerabilities in C/C++ applications enable attackers to execute code, change data, and leak information. Current memory sanitizers do no provide comprehensive coverage of a program's data. In particular, existing tools focus primarily on heap allocations with limited support for stack allocations and globals. Additionally, existing tools focus on the main executable with limited support for system libraries. Further, they suffer from both false positives and false negatives. We present Comprehensive User-Space Protection for C/C++, CUP, an LLVM sanitizer that provides complete spatial and probabilistic temporal memory safety for C/C++ program on 64-bit architectures (with a prototype implementation for x86_64). CUP uses a hybrid metadata scheme that supports all program data including globals, heap, or stack and maintains the ABI. Compared to existing approaches with the NIST Juliet test suite, CUP reduces false negatives by 10x (0.1%) compared to the state of the art LLVM sanitizers, and produces no false positives. CUP instruments all user-space code, including libc and other system libraries, removing them from the trusted code base.