Cross Language Call Sanitization

Overview

Modern software often integrates multiple programming languages, which increases complexity and introduces security vulnerabilities. This paper investigates how known sanitizers can be adapted to detect and mitigate cross-language call vulnerabilities.

Key Topics

Cross Language Attacks (CLA)

  • Problem: Different languages have distinct security assumptions, leading to vulnerabilities when interacting.
  • Example: A Rust program calling C functions via Foreign Function Interface (FFI) may compromise Rust’s memory safety.
  • Attack Method: Attackers exploit mismatched security models between languages to perform attacks impossible within a single language.

Existing Sanitizers

  • AddressSanitizer (ASAN): Detects memory errors like buffer overflows, out-of-bounds access, and use-after-free in C/C++.
  • Findings: ASAN and other sanitizers (LeakSanitizer, ThreadSanitizer, etc.) do not effectively detect CLA vulnerabilities.
  • Challenges: Cross-language function calls bypass sanitization mechanisms, leading to undetected exploits.

Proposed Solutions

  • Prevent Unintended Interactions: Isolating components in separate processes or virtualizing them (e.g., Sandcrust for Rust).
  • Securing Intended Interactions: Implementing sanitizers to monitor inter-language calls and detect anomalies.
  • Sanitizer Extension: Expanding ASAN with shadow memory mapping to store metadata about memory boundaries and freed resources across languages.
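The sketch below illustrates the shared-metadata idea from the last bullet. It is an added example, not code from the paper or from ASAN: a small lookup table stands in for shadow memory, and the names cl_register, cl_release and cl_check are hypothetical hooks that both language runtimes are assumed to call.

```c
#include <stddef.h>
#include <stdint.h>

/* Verdict for a pointer/length pair about to cross the language boundary. */
enum cl_verdict { CL_OK, CL_OOB, CL_UAF, CL_UNKNOWN };

/* One entry per allocation; a table stands in for real shadow memory. */
struct cl_region { uintptr_t base; size_t size; int freed; };

#define CL_MAX_REGIONS 64
static struct cl_region cl_table[CL_MAX_REGIONS];
static size_t cl_count;

/* Record an allocation made by either language. Returns 0, or -1 if full. */
int cl_register(const void *p, size_t size) {
    uintptr_t base = (uintptr_t)p;
    for (size_t i = 0; i < cl_count; i++)
        if (cl_table[i].base == base) {      /* address reused: refresh entry */
            cl_table[i] = (struct cl_region){ base, size, 0 };
            return 0;
        }
    if (cl_count == CL_MAX_REGIONS) return -1;
    cl_table[cl_count++] = (struct cl_region){ base, size, 0 };
    return 0;
}

/* Mark a region freed but keep its bounds so later use is reported as UAF.
 * Returns -1 for a double free or an address that was never registered. */
int cl_release(const void *p) {
    for (size_t i = 0; i < cl_count; i++)
        if (cl_table[i].base == (uintptr_t)p && !cl_table[i].freed) {
            cl_table[i].freed = 1;
            return 0;
        }
    return -1;
}

/* Validate [p, p+len) before the callee in the other language touches it.
 * Only metadata is inspected; the memory itself is never dereferenced. */
enum cl_verdict cl_check(const void *p, size_t len) {
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < cl_count; i++) {
        const struct cl_region *r = &cl_table[i];
        if (a < r->base || a - r->base >= r->size) continue;
        if (r->freed) return CL_UAF;
        /* offset < size here, so the subtraction cannot wrap */
        return len <= r->size - (a - r->base) ? CL_OK : CL_OOB;
    }
    return CL_UNKNOWN;   /* not tracked: allocated outside both runtimes */
}
```

A CL_UNKNOWN verdict is kept separate from CL_OK so that a pointer neither runtime registered is surfaced rather than silently trusted.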

Future Work

  • Implementation of Extended ASAN: Develop and test a cross-language sanitizer in real-world scenarios.
  • Security Validation: Evaluate effectiveness in detecting and preventing cross-language attacks.

Conclusion

Current sanitizers fail to address CLA vulnerabilities effectively. Extending sanitizers like ASAN with shared metadata tracking can improve security. Cross-language sanitization will be essential for modern multi-language applications.
