Don't Waste My Efforts: Pruning Redundant Sanitizer Checks by Developer-Implemented Type Checks

Yizhuo Zhai, Paul Yu, Srikanth V. Krishnamurthy

33rd USENIX Security Symposium · Day 1 · USENIX Security '24

Type confusion vulnerabilities continue to pose a significant threat in C++ applications, potentially leading to system crashes, denial-of-service, or even arbitrary code execution. This talk, "Don't Waste My Efforts: Pruning Redundant Sanitizer Checks by Developer-Implemented Type Checks," presented by Yizhuo Zhai, describes an approach to mitigating these vulnerabilities both effectively and efficiently. The work, a joint effort from UC Riverside and the US Army Research Lab, introduces `Tunify`, a tool that recognizes the type checks developers have already implemented themselves and uses them to prune the runtime type-sanitizer checks those developer checks make redundant.
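To make the idea concrete, here is an added example (not code from the talk or from `Tunify`) of the kind of developer-implemented type check the abstract refers to: an LLVM-style custom RTTI scheme in which a base class carries a kind tag and a `classof`/`dynCast` helper guards every downcast. The unchecked `static_cast` is the pattern a type sanitizer has to instrument; the checked version is guarded by the developer's own tag comparison, which is the redundancy a pruning pass can exploit. The class names, the `Kind` enum and the helper names are all assumptions made for illustration.

```cpp
#include <cassert>
#include <cstddef>

// Constructed example hierarchy with a hand-rolled kind tag (custom RTTI),
// the same shape as LLVM's isa<>/dyn_cast<> scheme. Not from the paper.
enum class Kind { Circle, Square };

struct Shape {
    explicit Shape(Kind k) : kind(k) {}
    virtual ~Shape() = default;
    Kind getKind() const { return kind; }
private:
    Kind kind;  // developer-maintained type tag, set once by each subclass
};

struct Circle : Shape {
    explicit Circle(double r) : Shape(Kind::Circle), radius(r) {}
    // Developer-implemented type check: true iff the object really is a Circle.
    static bool classof(const Shape* s) { return s->getKind() == Kind::Circle; }
    double radius;
};

struct Square : Shape {
    explicit Square(double s) : Shape(Kind::Square), side(s) {}
    static bool classof(const Shape* s) { return s->getKind() == Kind::Square; }
    double side;
};

// Unchecked downcast: if a Square is ever passed here it is silently
// reinterpreted as a Circle (type confusion). A runtime type sanitizer must
// instrument this cast because nothing in the source validates it.
double uncheckedRadius(Shape* s) {
    return static_cast<Circle*>(s)->radius;
}

// dyn_cast-style helper built on the developer's classof() check.
template <typename To>
To* dynCast(Shape* s) {
    return To::classof(s) ? static_cast<To*>(s) : nullptr;
}

// Checked downcast: the static_cast inside dynCast is dominated by the
// classof() tag test, so a sanitizer check at this cast is redundant with the
// check the developer already wrote. Returns false instead of confusing types.
bool checkedRadius(Shape* s, double* out) {
    if (Circle* c = dynCast<Circle>(s)) {
        *out = c->radius;
        return true;
    }
    return false;
}

// Small drivers returning values a test can assert on.
bool checkedRejectsSquare() {
    Square sq(2.0);
    double r = -1.0;
    return !checkedRadius(&sq, &r) && r == -1.0;  // rejected, output untouched
}

bool checkedAcceptsCircle() {
    Circle c(3.0);
    double r = 0.0;
    return checkedRadius(&c, &r) && r == 3.0;
}

int main() {
    Circle c(3.0);
    assert(uncheckedRadius(&c) == 3.0);  // only ever called with a real Circle here
    assert(checkedRejectsSquare());
    assert(checkedAcceptsCircle());
    return 0;
}
```

The point for a pruning tool is the control-flow relationship, not the helper's name: once the analysis can establish that the `static_cast` in `dynCast` executes only when `classof` has returned true for the same pointer, its sanitizer instrumentation at that cast adds cost without adding protection, while the cast in `uncheckedRadius` still needs it.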

AI review

This talk presents `Tunify`, a genuinely novel approach to mitigate type confusion vulnerabilities in C++ by intelligently pruning redundant sanitizer checks. By systematically inferring and leveraging developer-implemented custom RTTI, `Tunify` achieves full protection with significantly reduced performance overhead, making robust type safety practical for large-scale, performance-critical applications. This is real work that solves a real problem.
