Abstract
Memory corruption bugs continue to plague low-level systems software,
which is typically written in memory-unsafe programming languages such
as C and C++. Many pre- and post-deployment techniques exist to detect
such bugs and to protect against their exploitation. In this position
paper, we propose and motivate the need for a hybrid approach to
protection against memory safety vulnerabilities, combining techniques
that can establish the presence (or absence) of vulnerabilities before
deployment with those that can detect and mitigate such vulnerabilities
after deployment. Our hybrid approach involves three layers: hardware
runtime protection provided by capability hardware, software runtime
protection provided by compiler instrumentation, and static analysis
provided by bounded model checking and symbolic execution. The key
aspect of the proposed hybrid approach is that the protection offered
is greater than the sum of its parts: the cost of post-deployment
runtime checks is reduced using information obtained during
pre-deployment analysis (accesses proven safe need no runtime check),
and, conversely, static checking during pre-deployment analysis can be
guided by information gathered at runtime.
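The following C program is an added illustration of the interaction between the layers described above; it is not code from the paper. It models, in software, the bounds check a compiler instrumentation pass would insert at every pointer dereference, and shows how a proof from a pre-deployment analysis (here simulated by the hypothetical flag `elide_proven`, standing in for a fact established by bounded model checking or symbolic execution) lets the check be dropped for a loop whose indices are provably in bounds, while an access driven by external data keeps its check and still catches an out-of-bounds index. The array contents and index lists are constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A pointer carrying its bounds, as capability hardware (or a
 * SoftBound-style instrumentation) would track it alongside the address. */
typedef struct {
    const int32_t *base;
    size_t len;            /* number of valid elements from base */
} bounded_ptr;

/* The runtime check instrumentation inserts before a dereference.
 * Returns non-zero if index i lies outside [0, len). */
static int out_of_bounds(const bounded_ptr *p, size_t i) {
    return i >= p->len;
}

/* Sum every element. The loop bound is p->len itself, so a static
 * analysis can prove k < p->len on every iteration. With elide_proven
 * set (hypothetical flag standing in for that proof), the runtime check
 * is skipped; otherwise every access is checked as a naive
 * instrumentation would do. *checks counts checks actually executed. */
static long sum_all(const bounded_ptr *p, int elide_proven, size_t *checks) {
    long s = 0;
    for (size_t k = 0; k < p->len; k++) {
        if (!elide_proven) {
            (*checks)++;
            if (out_of_bounds(p, k))
                return -1;       /* unreachable, but the naive pass cannot know */
        }
        s += p->base[k];
    }
    return s;
}

/* Gather elements at indices supplied from outside (e.g. parsed input).
 * No static analysis can bound idx[], so the check must stay.
 * Returns the sum, or -1 when an index would escape the bounds. */
static long gather(const bounded_ptr *p, const size_t *idx, size_t n, size_t *checks) {
    long s = 0;
    for (size_t k = 0; k < n; k++) {
        (*checks)++;
        if (out_of_bounds(p, idx[k]))
            return -1;           /* runtime layer catches the bug */
        s += p->base[idx[k]];
    }
    return s;
}

int main(void) {
    /* Constructed sample data. */
    static const int32_t data[4] = {1, 2, 3, 4};
    bounded_ptr p = { data, 4 };
    size_t c_naive = 0, c_hybrid = 0, c_gather = 0;

    printf("naive sum  = %ld (%zu checks)\n", sum_all(&p, 0, &c_naive), c_naive);
    printf("hybrid sum = %ld (%zu checks)\n", sum_all(&p, 1, &c_hybrid), c_hybrid);

    static const size_t good[2] = {3, 0};
    static const size_t bad[2]  = {1, 4};   /* 4 is one past the end */
    printf("gather good = %ld\n", gather(&p, good, 2, &c_gather));
    printf("gather bad  = %ld (caught)\n", gather(&p, bad, 2, &c_gather));
    return 0;
}
```

The point of the example is the check counts, not the sums: the naive instrumentation pays one check per element of the provably safe loop, the hybrid variant pays none there, and only the data-dependent `gather` path, which no pre-deployment analysis can discharge, retains its checks and is where the out-of-bounds index is actually caught.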