Context-aware Failure-oblivious Computing as a Means of Preventing Buffer Overflows
This addresses the need for maintaining system availability in server applications while preventing data leakage and control flow diversion from buffer overflows, representing an incremental improvement over existing mitigation techniques.
The paper tackles the problem of buffer overflows in languages like C by proposing a context-aware failure-oblivious computing approach that prevents errors without aborting programs, demonstrating low performance overhead in tools with explicit bounds tracking.
In languages like C, buffer overflows are widespread. A common mitigation technique is to use tools that detect them during execution and abort the program to prevent the leakage of data or the diversion of control flow. However, for server applications, it would be desirable to prevent such errors while maintaining availability of the system. To this end, we present an approach to handle buffer overflows without aborting the program. This approach involves implementing a continuation logic in library functions based on an introspection function that allows querying the size of a buffer. We demonstrate that introspection can be implemented in popular bug-finding and bug-mitigation tools such as LLVM's AddressSanitizer, SoftBound, and Intel-MPX-based bounds checking. We evaluated our approach in a case study of real-world bugs and show that for tools that explicitly track bounds data, introspection results in a low performance overhead.