When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.SNAPL.2015.190
URN: urn:nbn:de:0030-drops-50268
URL: http://drops.dagstuhl.de/opus/volltexte/2015/5026/


Nagarakatte, Santosh ; Martin, Milo M. K. ; Zdancewic, Steve

Everything You Want to Know About Pointer-Based Checking



Abstract

Lack of memory safety in C/C++ has resulted in numerous security vulnerabilities and serious bugs in large software systems. This paper highlights the challenges in enforcing memory safety for C/C++ programs and progress made as part of the SoftBoundCETS project. We have been exploring memory safety enforcement at various levels - in hardware, in the compiler, and as a hardware-compiler hybrid - in this project. Our research has identified that maintaining metadata with pointers in a disjoint metadata space and performing bounds and use-after-free checking can provide comprehensive memory safety. We describe the rationale behind the design decisions and its ramifications on various dimensions, our experience with the various variants that we explored in this project, and the lessons learned in the process. We also describe and analyze the forthcoming Intel Memory Protection Extensions (MPX) that provides hardware acceleration for disjoint metadata and pointer checking in mainstream hardware, which is expected to be available later this year.

BibTeX - Entry

@InProceedings{nagarakatte_et_al:LIPIcs:2015:5026,
  author =	{Santosh Nagarakatte and Milo M. K. Martin and Steve Zdancewic},
  title =	{{Everything You Want to Know About Pointer-Based Checking}},
  booktitle =	{1st Summit on Advances in Programming Languages (SNAPL 2015)},
  pages =	{190--208},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-939897-80-4},
  ISSN =	{1868-8969},
  year =	{2015},
  volume =	{32},
  editor =	{Thomas Ball and Rastislav Bodik and Shriram Krishnamurthi and Benjamin S. Lerner and Greg Morrisett},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{http://drops.dagstuhl.de/opus/volltexte/2015/5026},
  URN =		{urn:nbn:de:0030-drops-50268},
  doi =		{10.4230/LIPIcs.SNAPL.2015.190},
  annote =	{Keywords: Memory safety, Buffer overflows, Dangling pointers, Pointer-based checking, SoftBoundCETS}
}

Keywords: Memory safety, Buffer overflows, Dangling pointers, Pointer-based checking, SoftBoundCETS
Seminar: 1st Summit on Advances in Programming Languages (SNAPL 2015)
Issue Date: 2015
Date of publication: 28.04.2015

