A. Bhayat, L. Cordeiro, Giles Reger, F. Shmarov, Konstantin Korovin, T. Melham, Kaled Alshamrany, Mustafa A. Mustafa, Pierre Olivier
2022 IEEE Secure Development Conference (SecDev). DOI: 10.1109/SecDev53368.2022.00020 (https://doi.org/10.1109/SecDev53368.2022.00020). Publication date: 2021-06-05.
Position Paper: Towards a Hybrid Approach to Protect Against Memory Safety Vulnerabilities
Memory corruption bugs continue to plague low-level systems software, generally written in unsafe programming languages. In order to detect and protect against such exploits, many pre- and post-deployment techniques exist. In this position paper, we propose and motivate the need for a hybrid approach for the protection against memory safety vulnerabilities, combining techniques that can identify the presence (and absence) of vulnerabilities pre-deployment with those that can detect and mitigate such vulnerabilities post-deployment. Our proposed hybrid approach involves three layers: hardware runtime protection provided by capability hardware, software runtime protection provided by compiler instrumentation, and static analysis provided by bounded model checking and symbolic execution. The key aspect of the proposed hybrid approach is that the protection offered is greater than the sum of its parts - the expense of post-deployment runtime checks is potentially reduced via information obtained during pre-deployment analysis. During pre-deployment analysis, static checking can be guided by runtime information.