Using Pit to improve security in low-level programs.
Saved in:
| Title: | Using Pit to improve security in low-level programs. |
|---|---|
| Authors: | Pedersen, Leif1 bilbo@hobbiton.org, Reza, Hassan1 reza@cs.und.edu |
| Source: | Journal of Supercomputing. Sep2010, Vol. 53 Issue 3, p394-410. 17p. 3 Diagrams. |
| Subjects: | Programming languages, Loop tiling (Computer science), Computer memory management, Computer software |
| Abstract: | Pit (Pedersen on , ; Pedersen and Reza in ISOLA ’06: proceedings of the second international symposium on leveraging applications of formal methods, verification and validation (ISOLA 2006), pp. 111–118, ) is a new language for low-level programming, designed to be a self-hosting alternative to C. The novelty is that it supports automated memory management without excluding manual memory management, and without hindering key features associated with low-level programming, such as raw pointers, inline assembly code, and precise control over execution. This paper presents Pit as a language, and then examines how Pit’s approach to memory allocation can be used to significantly increase the security of low-level programs. Automatic memory allocation is a useful tool of abstraction in many situations. Since Pit provides this tool without hindering low-level programming, it allows automated memory management to be used in programs where it previously could not be used, such as kernels. Specifically, this tool of abstraction can assist the programmer significantly in writing low-level code with fewer security problems caused by buffer overrun or integer overflow bugs by reducing the number of opportunities for such bugs in areas of code that do not need the precision of manual memory allocation. Existing solutions, such as Cyclone (Jim et al. in ATEC ’02: proceedings of the general track: USENIX annual technical conference, pp. 275–288, ), add various ways of checking bounds, but have two major disadvantages: they require extra work from the programmer, and they detect but do not fix memory allocation bugs. Pit’s approach simplifies what the programmer writes, making the code more understandable. [ABSTRACT FROM AUTHOR] |
| Copyright of Journal of Supercomputing is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Engineering Source |
| FullText | Links: – Type: pdflink Text: Availability: 0 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 52708461 AccessLevel: 6 PubType: Academic Journal PubTypeId: academicJournal PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: Using Pit to improve security in low-level programs. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Pedersen%2C+Leif%22">Pedersen, Leif</searchLink><relatesTo>1</relatesTo><i> bilbo@hobbiton.org</i><br /><searchLink fieldCode="AR" term="%22Reza%2C+Hassan%22">Reza, Hassan</searchLink><relatesTo>1</relatesTo><i> reza@cs.und.edu</i> – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22Journal+of+Supercomputing%22">Journal of Supercomputing</searchLink>. Sep2010, Vol. 53 Issue 3, p394-410. 17p. 3 Diagrams. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Programming+languages%22">Programming languages</searchLink><br /><searchLink fieldCode="DE" term="%22Loop+tiling+%28Computer+science%29%22">Loop tiling (Computer science)</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+memory+management%22">Computer memory management</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+software%22">Computer software</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: Pit (Pedersen on , ; Pedersen and Reza in ISOLA ’06: proceedings of the second international symposium on leveraging applications of formal methods, verification and validation (ISOLA 2006), pp. 111–118, ) is a new language for low-level programming, designed to be a self-hosting alternative to C. The novelty is that it supports automated memory management without excluding manual memory management, and without hindering key features associated with low-level programming, such as raw pointers, inline assembly code, and precise control over execution. This paper presents Pit as a language, and then examines how Pit’s approach to memory allocation can be used to significantly increase the security of low-level programs. Automatic memory allocation is a useful tool of abstraction in many situations. Since Pit provides this tool without hindering low-level programming, it allows automated memory management to be used in programs where it previously could not be used, such as kernels. Specifically, this tool of abstraction can assist the programmer significantly in writing low-level code with fewer security problems caused by buffer overrun or integer overflow bugs by reducing the number of opportunities for such bugs in areas of code that do not need the precision of manual memory allocation. Existing solutions, such as Cyclone (Jim et al. in ATEC ’02: proceedings of the general track: USENIX annual technical conference, pp. 275–288, ), add various ways of checking bounds, but have two major disadvantages: they require extra work from the programmer, and they detect but do not fix memory allocation bugs. Pit’s approach simplifies what the programmer writes, making the code more understandable. [ABSTRACT FROM AUTHOR] – Name: AbstractSuppliedCopyright Label: Group: Ab Data: <i>Copyright of Journal of Supercomputing is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.) |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=52708461 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.1007/s11227-009-0301-x Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 17 StartPage: 394 Subjects: – SubjectFull: Programming languages Type: general – SubjectFull: Loop tiling (Computer science) Type: general – SubjectFull: Computer memory management Type: general – SubjectFull: Computer software Type: general Titles: – TitleFull: Using Pit to improve security in low-level programs. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Pedersen, Leif – PersonEntity: Name: NameFull: Reza, Hassan IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 09 Text: Sep2010 Type: published Y: 2010 Identifiers: – Type: issn-print Value: 09208542 Numbering: – Type: volume Value: 53 – Type: issue Value: 3 Titles: – TitleFull: Journal of Supercomputing Type: main |
| ResultId | 1 |