Slashdot Mirror

← Back to Stories (view on slashdot.org)

DieHard, the Software

Posted by ryuzaki0 on from the yippie-ki-yay-and-other-flying-quotes dept.

Roland Piquepaille writes "No, it's not another movie sequel. DieHard is a piece of software which helps programs to run correctly and protects them from a range of security vulnerabilities. It has been developed by computer scientists from the University of Massachusetts Amherst — and Microsoft. DieHard prevents crashes and hacker attacks by focusing on memory. Our computers have thousands times more memory than 20 years ago. Still, programmers are privileging speed and efficiency over security, which leads to the famous "buffer overflows" which are exploited by hackers."

7 of 230 comments (clear)

  1. Vista already doing some of this by PurifyYourMind · · Score: 4, Informative

    Along the same lines anyway... a new feature in Vista: Address space layout randomization (ASLR) is a computer security technique which involves arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, randomly in a process' address space. http://en.wikipedia.org/wiki/Address_space_layout_ randomization

    1. Re:Vista already doing some of this by Ristretto · · Score: 5, Informative

      Hi Slashdot readers,

      DieHard's randomization is very different from what OpenBSD does, not to mention Vista's address-space randomization. I've added a note to the FAQs that explains the difference in some detail, and answers several other questions, but in short: "address-space randomization" randomizes the base address of the heap and also mmapped-chunks of memory, leaving the relative position of objects intact. By contrast, DieHard randomizes the location of every single object across the entire heap. It also goes further in that it prevents a wide range of memory errors automatically, like double frees and illegal frees, and effectively eliminates heap corruption.

      -- Emery Berger

    2. Re:Vista already doing some of this by strider44 · · Score: 4, Informative

      You could have just looked it up and seen that it's been in Linux for a similar length of time (in 2.6.x). I just googled for "linux address randomization" and clicked the top link.

    3. Re:Vista already doing some of this by nacturation · · Score: 4, Informative

      Seems like OpenBSD's implementation does what DieHard claims, or at least some of it. See this interview from August 2005 for information:

      http://kerneltrap.org/node/5584

      Any thoughts?

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    4. Re:Vista already doing some of this by iamacat · · Score: 4, Informative

      No, it won't. Programs need to interoperate - you might want to explicitly upload a photo to shutterfly using your web browser, but you don't want a rogue website to just siphon off all your private photos by exploiting a memory bug in one of the endless plugins.

      The real solution is programming in a language with secure memory management, such as .Net, Java or even LISP. I suspect that overhead is far smaller than running 3 copies of the program at once like DieHard does.

    5. Re:Vista already doing some of this by Ristretto · · Score: 5, Informative
      Hi,

      Here's a more detailed answer -- I'll add it to the FAQ.

      OpenBSD (a variant of PHKmalloc) does some of what DieHard's allocator does, but DieHard does much more. On the security side, DieHard adds much more "entropy"; on the reliability side, it mathematically reduces the risk that a programmer bug will have any impact on program execution.

      OpenBSD randomly locates pages of memory and allocates small objects from these pages. It improves security by avoiding the effect of certain errors. Like DieHard, it is resilient to double and invalid frees. It places guard pages around large chunks and frees such large chunks back to the OS (causing later references through dangling pointers to fail unless the chunk is reused). It attempts to block some buffer overflows by using page protection. Finally, it shuffles some allocated objects around on a page, randomizing their location within a page.

      DieHard goes much further. First, it completely segregates heap metadata from the heap, making heap corruption (and hijack attacks) nearly impossible. On OpenBSD, a large-enough underflow on OpenBSD can overwrite the page directory or local page info struct (at the beginning of each page), hijacking the allocator. This presentation describes several ways OpenBSD's allocator can be attacked. By contrast, none of DieHard's metadata is located in the allocated object space.

      Second, DieHard randomizes the placement of objects across the entire heap. This has numerous advantages. On the security side, it makes brute-force attempts to locate adjacent objects nearly impossible -- in OpenBSD, knowing the allocation sequence determines which pages objects will land on (see the presentation pointed to above).

      DieHard's complete randomization is key to provably avoiding a range of errors with high probability. It reduces the worst-case odds that a buffer overflow has any impact to 50%. The actual likelihood is even lower when the heap is not full. DieHard also avoids dangling pointer errors with very high probability (e.g., 99.999%), making it nearly impervious to such mistakes. You can read our PLDI paper for more details and formulae.

      -- Emery Berger

  2. nothing to do with VMs - just exception handling by Anonymous Coward · · Score: 3, Informative

    Ada's been doing that kind of runtime checking and throwing exceptions for 20 years now without needing a VM to enable exception handling.