this is for holding javascript data
Ye edited Motivation_System_and_high_performance__.md
about 8 years ago
Commit id: 94d6182867832766ca895879cb2ae9255bf5ef32
deletions | additions
diff --git a/Motivation_System_and_high_performance__.md b/Motivation_System_and_high_performance__.md
index 1d98ccf..4f4a7c7 100644
--- a/Motivation_System_and_high_performance__.md
+++ b/Motivation_System_and_high_performance__.md
...
System and high performance computing code are often written in low level languages such as C and C++. Low level languages provide high performance but are open to memory corruption attacks due to lack memory safety and manual memory management. Memory corruption attacks \cite{Szekeres_2013} starts by creating memory errors such as overflows, underflows or dangling pointers. One main type of memory corruption attack is control-flow hijacking that takes control of the entire program by using memory errors to enable the write and execution of desired instructions. The classic control-flow attack that works by overwriting the program with new instructions can prevented with non-executable data policies, however attacks can use Jump Oriented Programming (JOP) to bypass data policies by chaining in-memory code. One common library used for JOP is libc, these attacks are referred "return-to-libc" attacks. There are enough instruction sequences in libc's functions that make it Turing complete \cite{Tran_2011}, allowing attackers to chain together these sequences to create arbitrary programs. Currently there are no policies that prevent JOP because it executes valid code from memory, but mitigation techniques \cite{Li_2010, Pappas_2012, pledge} can be applied to reduce the effectiveness of such attacks.
Based on the observation that JOP uses many libraries that make system calls, De Raadt proposed a new mitigation technique against control-flow attacks _Pledge_\cite{pledge} for the OpenBSD operating system. To reduce
the attack
surface, programmers surfaces, programs in OpenBSD can
annotate their program be annotated with pledge\cite{pledge2} promises to limit the number of systems calls
a the program can make.
The promises Promises used in pledges are groupings of system
calls. calls that are related. For example, the _stdio_ promise includes system calls required for IO such as _fsync_, _read_, _write_, _pipe_, etc. When running a pledged program, the kernel can enforce the pledged promises and report an error if the program attempts to make system calls that are not allowed.
In order to To pledge a
program program, a list of all the system calls that the program can use is required.
An over-pledged program Over-pledged programs can
lead to the malfunctioning of the program malfunction while
a under-pledged
program programs can leave more attack surfaces than necessary. Therefore, a full understanding of the program's behavior and the interfaces it uses is required to correctly identify the list of all the system calls a program can use. Once all the system calls for a program is determined, they can be converted to promises for use in pledge.
Augmenting programs with pledges is non-trivial and time consuming even for simple UNIX utility programs. Pledging large programs is more challenging for developers
because of the due to difficulty in accurately
determine determining behaviors of complex systems and
the lack of understanding in low level libraries.
These Similar to permissioning in Android, these complications
often can lead to overpermissioning in real world applications
(find a android citation for this). \cite{Felt_2011}. To solve this problem, we develop an automated system Autopledge to analyse C programs and insert pledges in optimal locations.