Safelnit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities

Author(s): Alyssa Milburn, Herber Bos, Cristiano Giuffrida

Download: Paper (PDF)

Date: 27 Feb 2017

Document Type: Reports

Additional Documents: Slides Video

Associated Event: NDSS Symposium 2017

Abstract:

Usage of uninitialized values remains a common error in C/C++ code. This results not only in undefined and generally undesired behavior, but is also a cause of information disclosure and other security vulnerabilities. Existing solutions for mitigating such errors are not used in practice as they are either limited in scope (for example, only protecting the heap), or incur high runtime overhead.

In this paper, we propose SafeInit, a practical protection system which hardens applications against such undefined behavior by guaranteeing initialization of all values on the heap and stack, every time they are allocated or come into scope. Doing so provides comprehensive protection against this class of vulnerabilities in generic programs, including both information disclosure and re-use/logic vulnerabilities.

We show that, with carefully designed compiler optimizations, our implementation achieves sufficiently low overhead (5% for typical server applications and SPEC CPU2006) to serve as a standard hardening protection in practical settings. Moreover, we show that we can effortlessly apply it to harden non-standard code, such as the Linux kernel, with low runtime overhead.