August 4, 2016: Research on security and compiler optimization wins best paper award

Congratulations to former CS MS student Ted Ballou, former CS post-doc Phu Phung (now assistant professor at U Dayton CS) and CS faculty members Rigel Gjomemo, Venkat Venkatakrishnan and Lenore Zuck. Together with Kedar Namjoshi (Bell Labs), they co-authord a paper titled "Leveraging Static Analysis Tools for Improving Usability of Memory Error Sanitization Compilers? that won the best paper award at the IEEE Conference on Quality, Reliability and Security (QRS) 2016, held in Vienna, Austria, between Aug 1-3, 2016.

The research for this paper was supported in part by DARPA under the AFOSR contract number FA8750-12-C-0166 and from NSF CCF 1564296.


Memory errors such as buffer overruns are notorious security vulnerabilities. There has been considerable interest in having a compiler ensure the safety of compiled code either through static verification or through instrumented runtime checks. While certifying compilation has shown much promise, it has not been practical, leaving code instrumentation as the next best strategy for compilation. We term such compilers Memory Error Sanitization Compilers (MESCs). MESCs are available as part of GCC, LLVM and MSVC suites. Due to practical limitations, MESCs typically apply instrumentation even-handedly and indiscriminately to every memory access, and are consequently prohibitively expensive and practical to only small code bases. This work proposes a methodology that applies state-of- the-art static analysis techniques to eliminate unnecessary runtime checks, resulting in more efficient and scalable defenses. The methodology was implemented on LLVMs Safecode, Integer Overflow, and Address Sanitizer passes, using static analysis of Frama-C and Codesurfer. The benchmarks demonstrate improvements in runtime performance that makes incorporation of runtime checks a viable option for defense systems.

Copyright 2016 The Board of Trustees
of the University of
Helping Women Faculty Advance
Funded by NSF