SPLASH 2023
Sun 22 - Fri 27 October 2023 Cascais, Portugal
Fri 27 Oct 2023 14:18 - 14:36 at Room XII - security & privacy Chair(s): Arjun Guha

Temporal memory safety bugs, especially use-after-free and double free bugs, pose a major security threat to C programs. Real-world exploits utilizing these bugs enable attackers to read and write arbitrary memory locations, causing disastrous violations of confidentiality, integrity, and availability. Many previous solutions retrofit temporal memory safety to C, but they all either incur high performance overhead and/or miss detecting certain types of temporal memory safety bugs.

In this paper, we propose a temporal memory safety solution that is both efficient and comprehensive. Specifically, we extend Checked C, a spatially-safe extension to C, with temporally-safe pointers. These are implemented by combining two techniques: fat pointers and dynamic key-lock checks. We show that the fat-pointer solution significantly improves running time and memory overhead compared to the disjoint-metadata approach that provides the same level of protection. With empirical program data and hands-on experience porting real-world applications, we also show that our solution is practical in terms of backward compatibility—one of the major complaints about fat pointers.

Fri 27 Oct

Displayed time zone: Lisbon change

14:00 - 15:30
security & privacyOOPSLA at Room XII
Chair(s): Arjun Guha Northeastern University; Roblox
14:00
18m
Talk
Compositional Security Definitions for Higher-Order Where Declassification
OOPSLA
Jan Menz MPI-SWS, Andrew K. Hirsch University at Buffalo, SUNY, Peixuan Li Pennsylvania State University, Deepak Garg MPI-SWS
DOI
14:18
18m
Talk
Fat Pointers for Temporal Memory Safety of C
OOPSLA
Jie Zhou University of Rochester, John Criswell University of Rochester, Michael Hicks Amazon Web Services and the University of Maryland
DOI
14:36
18m
Talk
Quantifying and Mitigating Cache Side Channel Leakage with Differential Set
OOPSLA
Cong Ma University of Waterloo, Dinghao Wu Pennsylvania State University, Gang (Gary) Tan Pennsylvania State University, Mahmut Taylan Kandemir Pennsylvania State University, Danfeng Zhang Duke University; Pennsylvania State University
DOI
14:54
18m
Talk
A Verification Methodology for the Arm® Confidential Computing Architecture: From a Secure Specification to Safe Implementations
OOPSLA
Anthony C. J. Fox ARM, Gareth Stockwell ARM, Shale Xiong ARM, Hanno Becker Amazon Web Services, Dominic P. Mulligan Amazon Web Services, Gustavo Petri Amazon Web Services, Nathan Chong Amazon Web Services
DOI
15:12
18m
Talk
Verifying Indistinguishability of Privacy-Preserving Protocols
OOPSLA
Kirby Linvill University of Colorado Boulder, Gowtham Kaki University of Colorado at Boulder, Eric Wustrow University of Colorado Boulder
DOI