Partisan: Fast and flexible sanitization via run-time partitioning

Julian Lettner, Dokyung Song, Taemin Park, Per Larsen, Stijn Volckaert, Michael Franz

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Sanitizers can detect security vulnerabilities in C/C++ code that elude static analysis. Current practice is to continuously fuzz and sanitize internal pre-release builds. Sanitization-enabled builds are rarely released publicly. This is in large part due to the high memory and processing requirements of sanitizers. We present PartiSan, a run-time partitioning technique that speeds up sanitizers and allows them to be used in a more flexible manner. Our core idea is to partition the execution into sanitized slices that incur a run-time overhead, and “unsanitized” slices running at full speed. With PartiSan, sanitization is no longer an all-or-nothing proposition. A single build can be distributed to every user regardless of their willingness to enable sanitization and the capabilities of their host system. PartiSan enables application developers to define their own sanitization policies. Such policies can automatically adjust the amount of sanitization to fit within a performance budget or disable sanitization if the host lacks sufficient resources. The flexibility afforded by run-time partitioning also means that we can alternate between different types of sanitizers dynamically; today, developers have to pick a single type of sanitizer ahead of time. Finally, we show that run-time partitioning can speed up fuzzing by running the sanitized partition only when the fuzzer discovers an input that causes a crash or uncovers new execution paths.

Original languageEnglish
Title of host publicationResearch in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings
EditorsMichael Bailey, Sotiris Ioannidis, Manolis Stamatogiannakis, Thorsten Holz
PublisherSpringer Verlag
Pages403-422
Number of pages20
ISBN (Print)9783030004699
DOIs
Publication statusPublished - 2018
Event21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018 - Heraklion, Greece
Duration: 2018 Sep 102018 Sep 12

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11050 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018
Country/TerritoryGreece
CityHeraklion
Period18/9/1018/9/12

Bibliographical note

Funding Information:
This material is based upon work partially supported by the Defense Advanced Research Projects Agency (DARPA) under contracts FA8750-15-C-0124 and FA8750-15-C-0085, by the United States Office of Naval Research (ONR) under contract N00014-17-1-2782, and by the National Science Foundation under awards CNS-1619211 and CNS-1513837.

Publisher Copyright:
© Springer Nature Switzerland AG 2018.

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint

Dive into the research topics of 'Partisan: Fast and flexible sanitization via run-time partitioning'. Together they form a unique fingerprint.

Cite this