 |
| (pc- google images) |
Facebook has awarded a prize of $100,000 to a team of security researchers in Georgia for finding a new class of vulnerabilities in browser-based C++ programs.
The award “Internet Defense Prize” was given at the 24th USENIX Security Symposium in Washington D.C. for projects that encourage internet safety. The payout of $100,000 was double of what was awarded to German researchers Johannes Dahse and Thorsten Holz last year, who won the prize for their paper, “Static Detection of Second-Order Vulnerabilities in Web Applications.”
This year’s prize winners; PhD students Byoungyoung Lee and Chengyu Song, along with Professors Taesoo Kim and Wenke Lee revealed a new class of C++ vulnerabilities and introduced CaVeR, a runtime bad-casting detection tool.
CaVeR performs instrumentation at compile time and uses a new runtime type tracing mechanism—the type hierarchy table—to overcome the limitation of existing approaches and efficiently verify type casting dynamically. The researchers claim to have applied CAVER to the code of the Chromium and Firefox browsers and discovered 11 previously unknown security vulnerabilities: nine in GNU libstdc++ and two in Firefox.
Facebook Security Engineering Manager Ioannis Papagiannis explains, ““C++ supports two major different types of casting operators to convert one type of data into another: static and dynamic casts. Dynamic casts are checked at runtime for correctness, but they also incur a performance overhead.
People typically prefer to use static casts because they avoid that overhead, but if you cast to the wrong type using a static cast, the program may end up creating a pointer that can point past the memory allocated to a particular object. That pointer can then be used to corrupt the memory of the process."
Papagiannis said that CAVER makes it possible to have the best of both worlds: using static type casting to improve performance, but identifying type casting vulnerabilities that can then be addressed.
He added, “We all benefit from this kind of work. A large part of why Facebook has been successful in serving nearly 1.5 billion people is because we have been quick to introduce and adopt categories of systems and frameworks that prevent whole classes of vulnerabilities at once. As an industry, we need to invest in those kinds of solutions that scale.”
