PartiSan: Fast and Flexible Sanitization via Run-time Partitioning
share
Code sanitizers are used to automatically detect security vulnerabilities in C/C ++ code that elude static analysis. This requires that the code paths containing the vulnerability are actually executed with sanitization enabled. Under current practice, sanitization is routinely applied when developers perform continuous integration testing and fuzzing of pre-release software. However, sanitization is not commonly enabled in alpha, beta, and final releases of software, with one of the main obstacles being the added run-time overhead. We present PartiSan, a framework that uses run-time partitioning to bring additional flexibility to the use of sanitizers and to speed up sanitizer execution. Our core idea is to probabilistically partition the overall execution time into sanitized slices that incur a run-time overhead, and unsanitized slices running at near-native speed. Uniquely, we never remove sanitizer checks completely, which leaves adversaries with an unpredictable attack surface and increases coverage. Sanitization is traditionally an all or nothing proposition, which makes sanitizers hard to distribute to a heterogeneous crowd of beta-testers whose hardware ranges from low-end to high-end. PartiSan can automatically adjust the amount of sanitization to fit within a performance budget, or turn off sanitization altogether if a host lacks sufficient resources. The flexibility resulting from run-time partitioning means that we can alternate between different types of sanitizers dynamically; today, developers have to pick a single type of sanitizer ahead of time. In other words, PartiSan broadens the applicability of sanitizers in general and increases coverage in existing scenarios.
READ FULL TEXT