|Payer Mathias |
Despite the best efforts of scientists to ensure effective protection for systems software, close to 60 security bugs are detected every month. To address this challenge, the CodeSan project proposes an inclusive method that ameliorates code quality. It proposes automatic bug detection during development and protection of established software through reflective alleviations. CodeSan can reliably defend large software systems such as Google Chromium and Mozilla Firefox.
CodeSan will sanitize software by
CodeSan trades formal completeness for practical scalability in three steps. First, policy-based sanitization makes undefined behavior (through violations of memory safety, type safety, or API flow safety) explicit and detectable given concrete test inputs. Second, automatic test case generation increases testing coverage for large programs without the need for pre-existing test cases, enabling broader and automated use of policy-based sanitization. Third, for deployed software, reflective mitigations place runtime checks precisely where they are needed based on data-flow and control-flow coverage from our testing efforts. CodeSan complements formal approaches by protecting software that is currently out of reach due to its size, complexity, or low-level nature.
CodeSan is a compelling, comprehensive, and adaptive approach to thoroughly address undefined behavior for complex software. The three proposed actions complement each other naturally and will immediately guard large software systems such as Google Chromium, Mozilla Firefox, the Android system, or the Linux kernel, making them resilient against attacks.
In keeping with PI Mathias Payer’s track record on open sourcing his group’s research artifacts on cast sanitization, transformative fuzzing, or control-flow hijacking mitigations, all prototypes produced during CodeSan will be released as open-source.
The 60-month project was initiated in March 2020 with a grant from the ERC.