Security bugs in embedded interpreters

Chen, Haogang; Cutler, Cody; Kim, Taesoo; Mao, Yandong; Wang, Xi; Zeldovich, Nickolai; Kaashoek, M. Frans

Author(s)

Chen, Haogang; Cutler, Cody; Kim, Taesoo; Mao, Yandong; Wang, Xi; ... Show more

DownloadKaashoek_Security bugs.pdf (140.2Kb)

OPEN_ACCESS_POLICY

Terms of use

Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/

Metadata

Show full item record

Abstract

Because embedded interpreters offer flexibility and performance, they are becoming more prevalent, and can be found at nearly every level of the software stack. As one example, the Linux kernel defines languages to describe packet filtering rules and uses embedded interpreters to filter packets at run time. As another example, the RAR archive format allows embedding bytecode in compressed files to describe reversible transformations for decompression. This paper presents an analysis of common pitfalls in embedded interpreter implementations, which can lead to security vulnerabilities, and their impact. We hope that these results are useful both in augmenting existing embedded interpreters and in aiding developers in building new, more secure embedded interpreters.

Date issued

2013-07

URI

http://hdl.handle.net/1721.1/86887

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

Proceedings of the 4th Asia-Pacific Workshop on Systems (APSys '13)

Publisher

Edition Open Access

Citation

Haogang Chen, Cody Cutler, Taesoo Kim, Yandong Mao, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek. 2013. Security bugs in embedded interpreters. In Proceedings of the 4th Asia-Pacific Workshop on Systems (APSys '13). ACM, New York, NY, USA, Article 17, 7 pages.

Version: Author's final manuscript

ISBN

9781450323161

Collections

MIT Open Access Articles

DSpace@MIT