open menu
Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors_Seminar Series: CyberSecurity in Spring: The Spring of CyberSecurity
Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors

by Periklis Akriditis, CTO Niometrics, Singapore

March 8th, 2021 16:00

Host: Evangelos Markatos, Computer Science Department, University of Crete

Attacks that exploit out-of-bounds errors in C and C++ programs are still prevalent despite many years of research on bounds checking. Previous backwards compatible bounds checking techniques, which can be applied to unmodified C and C++ programs, maintain a data structure with the bounds for each allocated object and perform lookups in this data structure to check if pointers remain within bounds. This data structure can grow large and the lookups are expensive.

In this work we present a backwards compatible bounds checking technique that substantially reduces performance overhead. The key insight is to constrain the sizes of allocated memory regions and their alignment to enable efficient bounds lookups and hence efficient bounds checks at runtime. Our technique has low overhead in practice—only 8% throughput decrease for Apache— and is more than two times faster than the fastest previous technique and about five times faster—using less memory— than recording object bounds using a splay tree.

Short Biography

Periklis serves as Niometrics' CTO, where he helped engineer key pieces of the company's technology stack to analyse one of the most voluminous data sources in our world today: the massive network-level information from telecommunications networks. Leading Niometrics' teams across all technology functions, Periklis is constantly looking for talented and like-minded systems engineers with a knack for high-performance, high-end hardware, and tough engineering challenges – solving the coding puzzle on our website is the fastest way to reach out to him directly.

Prior to Niometrics, Periklis was involved in research projects at the University of Cambridge, Microsoft Research Cambridge, and the Distributed Computing Systems (DCS) Lab of ICS/FORTH, with a focus on systems, network, and programming language security.

Periklis holds a PhD in Computer Science from the University of Cambridge, and a Master of Science and Bachelor in Computer Science from the University of Crete.