The Undefined Quest for Full Memory Safety

Abstract

In this thesis, we explore full memory safety and the various intricacies involved. We analyze existing memory safety techniques in both hardware and software and their many different goals. This task involves determining the limits of the protections guaranteed by these different protection systems, regardless of whether they were explicitly or implicitly stated. It is demonstrated that the common software technique of protecting only allocation bounds does not provide nearly enough of a barrier for attackers. Then, we go beyond particular schemes and examine the limitations of languages, C in particular. We discover many corner cases and ambiguities that prevent even the best possible protection system from providing full memory safety in the context of the C language specification. We also collect some results for the prevalence of these issues, present approaches to further analyze them, and consider how they might extend into other languages or systems.

Introduction

Memory corruption is a classic problem that has plagued many systems and served as a reliable source of exploits over the years [55]. Low-level languages, such as C and C++, which allow direct control of memory, provide ample room for introducing vulnerabilities through specification ambiguities, permitted unsafe usage, and their general flexibility [44, 46, 47]. In fact, some of these issues make any system that honors the language specification incapable of providing complete memory safety [11].

Document Details

Document Type
Technical Report
Publication Date
Feb 06, 2020
Accession Number
AD1091177

Entities

People

  • H. Okhravi
  • H. Shrobe
  • R. Gil

Organizations

  • MIT Lincoln Laboratory

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Abstracts
  • Application Software
  • Compilers
  • Composite Materials
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Computing System Architectures
  • Defense Systems
  • Engineering
  • Information Operations
  • Language
  • Operating Systems
  • Personality
  • Simulators
  • Specifications

Fields of Study

  • Computer science

Readers

  • Computational Linguistics
  • Educational Psychology
  • Systems Analysis and Design