
Fat Pointers for Temporal Memory Safety of C

Published: 06 April 2023

Abstract

Temporal memory safety bugs, especially use-after-free and double free bugs, pose a major security threat to C programs. Real-world exploits utilizing these bugs enable attackers to read and write arbitrary memory locations, causing disastrous violations of confidentiality, integrity, and availability. Many previous solutions retrofit temporal memory safety to C, but all of them incur high performance overhead, miss certain types of temporal memory safety bugs, or both.

In this paper, we propose a temporal memory safety solution that is both efficient and comprehensive. Specifically, we extend Checked C, a spatially-safe extension to C, with temporally-safe pointers. These are implemented by combining two techniques: fat pointers and dynamic key-lock checks. We show that the fat-pointer solution significantly improves running time and memory overhead compared to the disjoint-metadata approach that provides the same level of protection. With empirical program data and hands-on experience porting real-world applications, we also show that our solution is practical in terms of backward compatibility, one of the major complaints about fat pointers.
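The two techniques the abstract names, shown together as an added illustration in plain C: a fat pointer that carries its key and lock address inline, checked on every dereference and free. This is a generic key-lock sketch, not the paper's Checked C implementation; `fat_ptr`, `fp_alloc`, `fp_deref`, `fp_free` and the lock pool layout are hypothetical names and assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical fat pointer: raw address plus inline temporal metadata. */
typedef struct {
    void     *raw;   /* address of the object */
    uint64_t  key;   /* unique ID assigned at allocation */
    uint64_t *lock;  /* slot that holds the key while the object is live */
} fat_ptr;

/* Lock slots sit in a pool that is never returned to malloc, so reading a
 * lock through a dangling fat pointer is itself always a valid access. */
#define LOCK_SLOTS 64
static uint64_t lock_pool[LOCK_SLOTS];  /* 0 means "no live object" */
static uint64_t next_key = 1;           /* keys are never reused */

static uint64_t *lock_acquire(void) {
    for (size_t i = 0; i < LOCK_SLOTS; i++)
        if (lock_pool[i] == 0) return &lock_pool[i];
    return NULL;
}

fat_ptr fp_alloc(size_t n) {
    fat_ptr p = { NULL, 0, NULL };
    uint64_t *lock = lock_acquire();
    if (lock == NULL) return p;
    void *raw = malloc(n);
    if (raw == NULL) return p;
    p.raw = raw; p.key = next_key++; p.lock = lock;
    *lock = p.key;                      /* object is live: lock matches key */
    return p;
}

/* The dynamic key-lock check: live only if the lock still holds our key. */
int fp_is_live(fat_ptr p) { return p.lock != NULL && *p.lock == p.key; }

/* A real scheme would trap on failure; NULL keeps the example testable. */
void *fp_deref(fat_ptr p) { return fp_is_live(p) ? p.raw : NULL; }

int fp_free(fat_ptr p) {
    if (!fp_is_live(p)) return -1;      /* double free or dangling pointer */
    *p.lock = 0;                        /* invalidates every copy at once */
    free(p.raw);
    return 0;
}

/* Returns 1 when a copy is usable before the free and rejected after it. */
int scenario_use_after_free(void) {
    fat_ptr a = fp_alloc(sizeof(int));
    fat_ptr alias = a;
    if (fp_deref(a) == NULL) return -1;
    *(int *)fp_deref(a) = 42;
    int ok_before = (*(int *)fp_deref(alias) == 42);
    fp_free(a);
    return ok_before && fp_deref(alias) == NULL;
}

/* Returns 1 when the second free through a copy is refused. */
int scenario_double_free(void) {
    fat_ptr a = fp_alloc(16);
    fat_ptr alias = a;
    return fp_free(a) == 0 && fp_free(alias) == -1;
}

/* Returns 1 when a new object reuses the old lock slot and the stale
 * pointer is still rejected, because the slot now holds a different key. */
int scenario_slot_reuse(void) {
    fat_ptr old = fp_alloc(16);
    fp_free(old);
    fat_ptr fresh = fp_alloc(16);
    int same_slot = (fresh.lock == old.lock);
    int result = same_slot && fp_deref(old) == NULL && fp_deref(fresh) != NULL;
    fp_free(fresh);
    return result;
}

int main(void) {
    printf("use-after-free rejected: %d\n", scenario_use_after_free());
    printf("double free rejected:    %d\n", scenario_double_free());
    printf("stale key after reuse:   %d\n", scenario_slot_reuse());
    return 0;
}
```

Because the key and lock address travel inside the pointer value, the check needs no lookup in a separate metadata table, which is the contrast with the disjoint-metadata approach the abstract draws.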

