Position Paper: Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities

Kaled Alshmrany, Ahmed Bhayat, Franz Brauße, Lucas Cordeiro, Konstantin Korovin, Tom Melham, Mustafa A. Mustafa, Pierre Olivier, Giles Reger, Fedor Shmarov

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Memory corruption bugs continue to plague lowlevel systems software, generally written in unsafe programming languages. In order to detect and protect against such exploits, many pre- and post-deployment techniques exist. In this position paper, we propose and motivate the need for a hybrid approach for the protection against memory safety vulnerabilities, combining techniques that can identify the presence (and absence) of vulnerabilities pre-deployment with those that can detect and mitigate such vulnerabilities post-deployment. Our proposed hybrid approach involves three layers: hardware runtime protection provided by capability hardware, software runtime protection provided by compiler instrumentation, and static analysis provided by bounded model checking and symbolic execution. The key aspect of the proposed hybrid approach is that the protection offered is greater than the sum of its parts – the expense of postdeployment runtime checks is potentially reduced via information obtained during pre-deployment analysis. During pre-deployment analysis, static checking can be guided by runtime information.
Original languageEnglish
Title of host publicationIEEE Secure Development Conference
Publication statusAccepted/In press - 30 Aug 2022

Fingerprint

Dive into the research topics of 'Position Paper: Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities'. Together they form a unique fingerprint.

Cite this