loading page

Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities
  • +6
  • Ahmed Bhayat ,
  • Lucas Cordeiro ,
  • Giles Reger ,
  • Fedor Shmarov ,
  • Konstantin Korovin ,
  • Tom Melham ,
  • Kaled Alshamrany ,
  • Mustafa A. Mustafa ,
  • Pierre Olivier
Ahmed Bhayat
Author Profile
Lucas Cordeiro
Author Profile
Giles Reger
The University of Manchester, The University of Manchester

Corresponding Author:[email protected]

Author Profile
Fedor Shmarov
Author Profile
Konstantin Korovin
Author Profile
Tom Melham
Author Profile
Kaled Alshamrany
Author Profile
Mustafa A. Mustafa
Author Profile
Pierre Olivier
Author Profile


Memory corruption bugs continue to plague low-level systems software generally written in unsafe programming languages. In order to detect and protect against such exploits, many pre- and post-deployment techniques exist. In this position paper, we propose and motivate the need for a hybrid approach for the protection against memory safety vulnerabilities, combining techniques that can identify the presence (and absence) of vulnerabilities pre-deployment with those that can detect and mitigate such vulnerabilities post-deployment. Our hybrid approach involves three layers: hardware runtime protection provided by capability hardware, software runtime protection provided by compiler instrumentation, and static analysis provided by bounded model checking and symbolic execution. The key aspect of the proposed hybrid approach is that the protection offered is greater than the sum of its parts – the expense of post-deployment runtime checks is reduced via information obtained during pre-deployment analysis. During pre-deployment analysis, static checking can be guided by runtime information.