Fat Pointers for Temporal Memory Safety of C

Author:

Zhou Jie (1), Criswell John (1), Hicks Michael (2)

Affiliation:

1. University of Rochester, USA

2. Amazon, USA / University of Maryland, USA

Abstract

Temporal memory safety bugs, especially use-after-free and double free bugs, pose a major security threat to C programs. Real-world exploits utilizing these bugs enable attackers to read and write arbitrary memory locations, causing disastrous violations of confidentiality, integrity, and availability. Many previous solutions retrofit temporal memory safety to C, but they all incur high performance overhead and/or miss certain types of temporal memory safety bugs. In this paper, we propose a temporal memory safety solution that is both efficient and comprehensive. Specifically, we extend Checked C, a spatially-safe extension to C, with temporally-safe pointers. These are implemented by combining two techniques: fat pointers and dynamic key-lock checks. We show that the fat-pointer solution significantly improves running time and memory overhead compared to the disjoint-metadata approach that provides the same level of protection. With empirical program data and hands-on experience porting real-world applications, we also show that our solution is practical in terms of backward compatibility, one of the major complaints about fat pointers.

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality; Software


Cited by 1 article.

1. How Close Is Existing C/C++ Code to a Safe Subset? Journal of Cybersecurity and Privacy, 2023-12-28.
