TechRxiv
scorch_position_paper.pdf (257.12 kB)
Download file

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Download (257.12 kB)
preprint
posted on 31.08.2021, 19:56 by Ahmed BhayatAhmed Bhayat, Lucas CordeiroLucas Cordeiro, Giles RegerGiles Reger, Fedor Shmarov, Konstantin Korovin, Tom Melham, Kaled Alshamrany, Mustafa A. Mustafa, Pierre OlivierPierre Olivier
Memory corruption bugs continue to plague low-level systems software generally written in unsafe programming languages. In order to detect and protect against such exploits, many pre- and post-deployment techniques exist. In this position paper, we propose and motivate the need for a hybrid approach for the protection against memory safety vulnerabilities, combining techniques that can identify the presence (and absence) of vulnerabilities pre-deployment with those that can detect and mitigate such vulnerabilities post-deployment. Our hybrid approach involves three layers: hardware runtime protection provided by capability hardware, software runtime protection provided by compiler instrumentation, and static analysis provided by bounded model checking and symbolic execution. The key aspect of the proposed hybrid approach is that the protection offered is greater than the sum of its parts -- the expense of post-deployment runtime checks is reduced via information obtained during pre-deployment analysis. During pre-deployment analysis, static checking can be guided by runtime information.

Funding

SCorCH: Secure Code for Capability Hardware

Engineering and Physical Sciences Research Council

Find out more...

History

Email Address of Submitting Author

giles.reger@manchester.ac.uk

ORCID of Submitting Author

0000-0001-6353-952X

Submitting Author's Institution

The University of Manchester

Submitting Author's Country

United Kingdom

Usage metrics

Licence

Exports