References:
Software Defense: Mitigating Heap Corruption Vulnerabilities
An Armful of CHERIs, Security Research & Defense, By Saar Amar, January 20, 2022
Type Confusion Attack
Assumption: the metadata is corrupted in some way.
Having malloc return the same allocation multiple times, or return overlapping allocations.
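Seen from the defender's side, the outcome above is a broken heap invariant: live allocations must never intersect. The following is an added example, not code from the original page or the cited articles. It keeps a shadow table of live regions and flags an allocator that returns a duplicate or overlapping chunk; the names `track_alloc`, `track_free`, `checked_malloc`, `checked_free` and the table size are assumptions for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Shadow table of live allocations (hypothetical helper, fixed size for brevity). */
#define MAX_LIVE 1024
struct live { uintptr_t base; size_t len; };
static struct live table[MAX_LIVE];
static size_t n_live;

/* Record [p, p+len). Returns 0 if disjoint from every live region,
 * -1 if it duplicates or overlaps one, -2 if it cannot be tracked. */
int track_alloc(const void *p, size_t len) {
    uintptr_t b = (uintptr_t)p;
    if (len == 0) len = 1;               /* malloc(0) may return a unique pointer */
    if (b + len < b || n_live == MAX_LIVE) return -2;
    for (size_t i = 0; i < n_live; i++)  /* half-open interval intersection test */
        if (b < table[i].base + table[i].len && table[i].base < b + len)
            return -1;
    table[n_live++] = (struct live){ b, len };
    return 0;
}

/* Forget the region starting at p. Returns -1 if p is not a live base
 * (double free, or a pointer into the middle of a chunk). */
int track_free(const void *p) {
    for (size_t i = 0; i < n_live; i++)
        if (table[i].base == (uintptr_t)p) {
            table[i] = table[--n_live];  /* swap-remove */
            return 0;
        }
    return -1;
}

/* Wrappers: fail closed the moment the invariant is violated or untrackable. */
void *checked_malloc(size_t len) {
    void *p = malloc(len);
    if (p && track_alloc(p, len) != 0) abort();
    return p;
}

void checked_free(void *p) {
    if (!p) return;
    if (track_free(p) != 0) abort();
    free(p);
}
```

The linear scan is only suitable for test builds and fuzzing harnesses; the table itself lives outside the heap, so corrupting in-band chunk metadata does not corrupt the check.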
Examples:
If you could revise the fundamental principles of computer system design to improve security... what would you change?