Abstract
We provide a systematic overview of sanitizers, with an example of their role in finding security issues.
1. Introduction
C and C++ remain the languages of choice for efficiency and full control of the underlying hardware. At the same time, memory corruption exploits are getting more sophisticated. The term sanitizers refers to dynamic bug-finding tools. Although there is a significant body of research on sanitizers, only a few of them have been adopted, leaving many types of vulnerabilities unsanitized. It is therefore valuable to taxonomize the available tools and the security vulnerabilities they cover, describe their performance and compatibility properties, and highlight the various trade-offs.
2. Exploit Mitigation vs. Sanitizer
The biggest difference between exploit mitigations and sanitizers lies in the type of security policy they enforce. Exploit mitigations deploy a policy aimed at detecting or preventing attacks, whereas sanitizers aim to pinpoint the precise location of buggy program statements.
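The policy difference described above can be seen in a small memory-safe model. This is an added example, not code from the original page or from any sanitizer: it assumes a stack-canary-style guard as the mitigation, and the names `copy_mitigated`, `copy_sanitized`, `struct verdict`, `GUARD` and the sample input are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define BUF_LEN 8              /* bytes the buffer really holds */
#define REGION  (BUF_LEN + 2)  /* buffer + guard byte + one neighbouring byte */
#define GUARD   0xA5           /* constructed guard value (assumption) */

struct verdict {
    int detected;   /* 1 if the policy fired */
    int bad_index;  /* index of the offending write, -1 if the policy cannot tell */
};

/* Mitigation-style policy: writes are unchecked, the guard is inspected once at exit. */
struct verdict copy_mitigated(unsigned char *mem, const unsigned char *src, size_t n) {
    struct verdict v = {0, -1};
    mem[BUF_LEN] = GUARD;
    for (size_t i = 0; i < n && i < REGION; i++)  /* the model never leaves REGION */
        mem[i] = src[i];
    v.detected = (mem[BUF_LEN] != GUARD);         /* an overwrite happened somewhere */
    return v;
}

/* Sanitizer-style policy: each write is checked first, the first bad one is reported. */
struct verdict copy_sanitized(unsigned char *mem, const unsigned char *src, size_t n) {
    struct verdict v = {0, -1};
    mem[BUF_LEN] = GUARD;
    for (size_t i = 0; i < n; i++) {
        if (i >= BUF_LEN) {                       /* stop before memory is corrupted */
            v.detected = 1;
            v.bad_index = (int)i;
            return v;
        }
        mem[i] = src[i];
    }
    return v;
}

int main(void) {
    const unsigned char input[] = "AAAAAAAAAA";   /* constructed 10-byte input */
    unsigned char m1[REGION] = {0}, m2[REGION] = {0};
    struct verdict a = copy_mitigated(m1, input, REGION);
    struct verdict b = copy_sanitized(m2, input, REGION);
    printf("mitigation: detected=%d index=%d neighbour=0x%02x\n",
           a.detected, a.bad_index, m1[BUF_LEN + 1]);
    printf("sanitizer:  detected=%d index=%d neighbour=0x%02x\n",
           b.detected, b.bad_index, m2[BUF_LEN + 1]);
    return 0;
}
```

Both policies fire on the oversized input, but only the per-write check names the first out-of-bounds index and leaves the neighbouring byte untouched.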