Fat Pointers for Temporal Memory Safety of C (SPLASH 2023 - OOPSLA)

Sun 22 - Fri 27 October 2023 Cascais, Portugal

Who

Jie Zhou, John Criswell, Michael Hicks

Track

SPLASH 2023 OOPSLA

Time Zone

The program is currently displayed in (GMT+01:00) Lisbon.

Use conference time zone: (GMT+01:00) LisbonSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Fri 27 Oct 2023 14:18 - 14:36 at Room XII - security & privacy Chair(s): Arjun Guha

Abstract

Temporal memory safety bugs, especially use-after-free and double free bugs, pose a major security threat to C programs. Real-world exploits utilizing these bugs enable attackers to read and write arbitrary memory locations, causing disastrous violations of confidentiality, integrity, and availability. Many previous solutions retrofit temporal memory safety to C, but they all either incur high performance overhead and/or miss detecting certain types of temporal memory safety bugs.

In this paper, we propose a temporal memory safety solution that is both efficient and comprehensive. Specifically, we extend Checked C, a spatially-safe extension to C, with temporally-safe pointers. These are implemented by combining two techniques: fat pointers and dynamic key-lock checks. We show that the fat-pointer solution significantly improves running time and memory overhead compared to the disjoint-metadata approach that provides the same level of protection. With empirical program data and hands-on experience porting real-world applications, we also show that our solution is practical in terms of backward compatibility—one of the major complaints about fat pointers.

DOI

https://doi.org/10.1145/3586038

Jie Zhou

University of Rochester

United States

John Criswell

University of Rochester

United States

Michael Hicks

Amazon Web Services and the University of Maryland

United States

Time Zone

The program is currently displayed in (GMT+01:00) Lisbon.

Use conference time zone: (GMT+01:00) LisbonSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Fri 27 Oct
Displayed time zone: Lisbon change

14:00 - 15:30	security & privacyOOPSLA at Room XII Chair(s): Arjun Guha Northeastern University; Roblox

14:00 18m Talk		Compositional Security Definitions for Higher-Order Where Declassification OOPSLA Jan Menz MPI-SWS, Andrew K. Hirsch University at Buffalo, SUNY, Peixuan Li Pennsylvania State University, Deepak Garg MPI-SWS DOI
14:18 18m Talk		Fat Pointers for Temporal Memory Safety of C OOPSLA Jie Zhou University of Rochester, John Criswell University of Rochester, Michael Hicks Amazon Web Services and the University of Maryland DOI
14:36 18m Talk		Quantifying and Mitigating Cache Side Channel Leakage with Differential Set OOPSLA Cong Ma University of Waterloo, Dinghao Wu Pennsylvania State University, Gang Tan Pennsylvania State University, Mahmut Taylan Kandemir Pennsylvania State University, Danfeng Zhang Duke University; Pennsylvania State University DOI
14:54 18m Talk		A Verification Methodology for the Arm® Confidential Computing Architecture: From a Secure Specification to Safe Implementations OOPSLA Anthony C. J. Fox ARM, Gareth Stockwell ARM, Shale Xiong ARM, Hanno Becker Amazon Web Services, Dominic P. Mulligan Amazon Web Services, Gustavo Petri Amazon Web Services, Nathan Chong Amazon Web Services DOI
15:12 18m Talk		Verifying Indistinguishability of Privacy-Preserving Protocols OOPSLA Kirby Linvill University of Colorado Boulder, Gowtham Kaki University of Colorado at Boulder, Eric Wustrow University of Colorado Boulder DOI