The Undefined Quest for Full Memory Safety

Abstract

In this thesis, we explore full memory safety and the various intricacies involved. We analyze existing memory safety techniques in both hardware and software and their many different goals. This task involves determining the limits of the protections guaranteed by these different protection systems, regardless of whether they were explicitly or implicitly stated. It is demonstrated that the common software technique of protecting only allocation bounds does not provide nearly enough of a barrier for attackers. Then, we go beyond particular schemes and examine the limitations of languages, C in particular. We discover many corner cases and ambiguities that prevent even the best possible protection system from providing full memory safety in the context of the C language specification. We also collect some results for the prevalence of these issues, present approaches to further analyze them, and consider how they might extend into other languages or systems.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Feb 13, 2018
Accession Number
AD1087319

Entities

People

  • Ronald Gil

Organizations

  • Massachusetts Institute of Technology

Tags

Communities of Interest

  • Advanced Electronics
  • Cyber

DTIC Thesaurus Topics

  • Application Software
  • Compilers
  • Composite Materials
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Computing System Architectures
  • Defense Systems
  • Electrical Engineering
  • Engineering
  • Language
  • Operating Systems
  • Personality
  • Simulators
  • Specifications
  • Test And Evaluation

Fields of Study

  • Computer science

Readers

  • Operations Research
  • Software Engineering.
  • Systems Analysis and Design