Refactoring the FreeBSD Kernel with Checked C (IEEE SecDev 2020 Presentation)

Описание: By Junhan Duan, Yudi Yang, Jie Zhou, John Criswell (University of Rochester)

Most modern operating system kernels are written in C, making them vulnerable to buffer overflow and buffer over-read attacks. Microsoft has developed an extension to the C language named Checked C which provides new source language constructs that allow the compiler to prevent NULL pointer dereferences and spatial memory safety errors through static analysis and run-time check insertion. We evaluate the use of Checked C on operating system kernel code by refactoring parts of the FreeBSD kernel to use Checked C extensions. We describe our experience refactoring the code that implements system calls and UDP and IP networking. We then evaluate the refactoring effort and the performance of the refactored kernel. It took two undergraduate students approximately three months to refactor the system calls, the network packet (mbuf) utility routines, and parts of the IP and UDP processing code. Our experiments show that using Checked C incurred no performance or code size overheads.

https://www.computer.org/csdl/proceed...

https://secdev.ieee.org/2020/schedule/

IEEE Secure Development (SecDev) Conference is a venue for presenting ideas, research, and experience about how to develop secure systems. It focuses on theory, techniques, and tools to “build security in” to existing and new computing systems, and does not focus on simply discovering the absence of security.

The goal of SecDev is to encourage and disseminate ideas for secure system development among academia, industry, and government. It aims to bridge the gap between constructive security research and practice and to enable real-world impact of security research in the long run. Developers have valuable experiences and ideas that can inform academic research, and researchers have concepts, studies, and even code and tools that could benefit developers.

https://secdev.ieee.org/2020/home

#ieee #secdev #ieeesecdev #cybersecurity #software #security #practitioners #vulnerabilities #system