Using Pit to improve security in low-level programs.

Saved in:
Bibliographic Details
Title: Using Pit to improve security in low-level programs.
Authors: Pedersen, Leif1 bilbo@hobbiton.org, Reza, Hassan1 reza@cs.und.edu
Source: Journal of Supercomputing. Sep2010, Vol. 53 Issue 3, p394-410. 17p. 3 Diagrams.
Subjects: Programming languages, Loop tiling (Computer science), Computer memory management, Computer software
Abstract: Pit (Pedersen on , ; Pedersen and Reza in ISOLA ’06: proceedings of the second international symposium on leveraging applications of formal methods, verification and validation (ISOLA 2006), pp. 111–118, ) is a new language for low-level programming, designed to be a self-hosting alternative to C. The novelty is that it supports automated memory management without excluding manual memory management, and without hindering key features associated with low-level programming, such as raw pointers, inline assembly code, and precise control over execution. This paper presents Pit as a language, and then examines how Pit’s approach to memory allocation can be used to significantly increase the security of low-level programs. Automatic memory allocation is a useful tool of abstraction in many situations. Since Pit provides this tool without hindering low-level programming, it allows automated memory management to be used in programs where it previously could not be used, such as kernels. Specifically, this tool of abstraction can assist the programmer significantly in writing low-level code with fewer security problems caused by buffer overrun or integer overflow bugs by reducing the number of opportunities for such bugs in areas of code that do not need the precision of manual memory allocation. Existing solutions, such as Cyclone (Jim et al. in ATEC ’02: proceedings of the general track: USENIX annual technical conference, pp. 275–288, ), add various ways of checking bounds, but have two major disadvantages: they require extra work from the programmer, and they detect but do not fix memory allocation bugs. Pit’s approach simplifies what the programmer writes, making the code more understandable. [ABSTRACT FROM AUTHOR]
Copyright of Journal of Supercomputing is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 52708461
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Using Pit to improve security in low-level programs.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Pedersen%2C+Leif%22">Pedersen, Leif</searchLink><relatesTo>1</relatesTo><i> bilbo@hobbiton.org</i><br /><searchLink fieldCode="AR" term="%22Reza%2C+Hassan%22">Reza, Hassan</searchLink><relatesTo>1</relatesTo><i> reza@cs.und.edu</i>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Journal+of+Supercomputing%22">Journal of Supercomputing</searchLink>. Sep2010, Vol. 53 Issue 3, p394-410. 17p. 3 Diagrams.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Programming+languages%22">Programming languages</searchLink><br /><searchLink fieldCode="DE" term="%22Loop+tiling+%28Computer+science%29%22">Loop tiling (Computer science)</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+memory+management%22">Computer memory management</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+software%22">Computer software</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: Pit (Pedersen on , ; Pedersen and Reza in ISOLA ’06: proceedings of the second international symposium on leveraging applications of formal methods, verification and validation (ISOLA 2006), pp. 111–118, ) is a new language for low-level programming, designed to be a self-hosting alternative to C. The novelty is that it supports automated memory management without excluding manual memory management, and without hindering key features associated with low-level programming, such as raw pointers, inline assembly code, and precise control over execution. This paper presents Pit as a language, and then examines how Pit’s approach to memory allocation can be used to significantly increase the security of low-level programs. Automatic memory allocation is a useful tool of abstraction in many situations. Since Pit provides this tool without hindering low-level programming, it allows automated memory management to be used in programs where it previously could not be used, such as kernels. Specifically, this tool of abstraction can assist the programmer significantly in writing low-level code with fewer security problems caused by buffer overrun or integer overflow bugs by reducing the number of opportunities for such bugs in areas of code that do not need the precision of manual memory allocation. Existing solutions, such as Cyclone (Jim et al. in ATEC ’02: proceedings of the general track: USENIX annual technical conference, pp. 275–288, ), add various ways of checking bounds, but have two major disadvantages: they require extra work from the programmer, and they detect but do not fix memory allocation bugs. Pit’s approach simplifies what the programmer writes, making the code more understandable. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Journal of Supercomputing is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=52708461
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1007/s11227-009-0301-x
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 17
        StartPage: 394
    Subjects:
      – SubjectFull: Programming languages
        Type: general
      – SubjectFull: Loop tiling (Computer science)
        Type: general
      – SubjectFull: Computer memory management
        Type: general
      – SubjectFull: Computer software
        Type: general
    Titles:
      – TitleFull: Using Pit to improve security in low-level programs.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Pedersen, Leif
      – PersonEntity:
          Name:
            NameFull: Reza, Hassan
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 09
              Text: Sep2010
              Type: published
              Y: 2010
          Identifiers:
            – Type: issn-print
              Value: 09208542
          Numbering:
            – Type: volume
              Value: 53
            – Type: issue
              Value: 3
          Titles:
            – TitleFull: Journal of Supercomputing
              Type: main
ResultId 1