CASTSAN: Efficient detection of polymorphic C++ object type confusions with LLVM

Paul Muntean, Sebastian Wuerl, Jens Grossklags, Claudia Eckert

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

C++ object type confusion vulnerabilities as the result of illegal object casting have been threatening systems’ security for decades. While there exist several solutions to address this type of vulnerability, none of them are sufficiently practical for adoption in production scenarios. Most competitive and recent solutions require object type tracking for checking polymorphic object casts, and all have prohibitively high runtime overhead. The main source of overhead is the need to track the object type during runtime for both polymorphic and non-polymorphic object casts. In this paper, we present CastSan, a C++ object type confusion detection tool for polymorphic objects only, which scales efficiently to large and complex code bases as well as to many concurrent threads. To considerably reduce the object type cast checking overhead, we employ a new technique based on constructing the whole virtual table hierarchy during program compile time. Since CastSan does not rely on keeping track of the object type during runtime, the overhead is drastically reduced. Our evaluation results show that complex applications run insignificantly slower when our technique is deployed, thus making CastSan a real-world usage candidate. Finally, we envisage that based on our object type confusion detection technique, which relies on ordered virtual tables (vtables), even non-polymorphic object casts could be precisely handled by constructing auxiliary non-polymorphic function table hierarchies for static classes as well.

Original language: English
Title of host publication: Computer Security - 23rd European Symposium on Research in Computer Security, ESORICS 2018, Proceedings
Editors: Javier Lopez, Jianying Zhou, Miguel Soriano
Publisher: Springer Verlag
Pages: 3-25
Number of pages: 23
ISBN (Print): 9783319990729
State: Published - 2018
Event: 23rd European Symposium on Research in Computer Security, ESORICS 2018 - Barcelona, Spain
Duration: 3 Sep 2018 to 7 Sep 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11098 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 23rd European Symposium on Research in Computer Security, ESORICS 2018
Country/Territory: Spain
City: Barcelona
Period: 3/09/18 to 7/09/18

Keywords

  • Bad casting
  • Static cast
  • Type casting
  • Type confusion
  • Type safety
