Secure Memory by Compiling

A special case of building isolated software boxes.

With Static & Dynamic analysis and/or Compiler Instrumentations.

Examples:

  • Shadow Stacks

  • SafeCode

  • nesCheck

Reference 1

  • 201904 Secswift

    • Reference 1 A compiler approach to cyber-security ↩

  • Sok: Shining Light on Shadow Stacks

    • Reference 1 SoK: Shining Light on Shadow Stacks. arXiv, 2019. ↩

  • Defending Embedded Systems Against Control Flow Attacks

    • A hardware controlled stack split: one for data, one for return; Reference 1 Defending Embedded Systems Against Control Flow Attacks. SecuCode, 2009. ↩

  • Efficient Detection of All Pointer and Array Access Errors

    • Reference 1 Efficient Detection of All Pointer and Array Access Errors. PLDI, 1994. ↩

  • Protecting Bare-metal Embedded Systems With Privilege Overlays

    • Reference 1 Protecting Bare-metal Embedded Systems With Privilege Overlays. SP. 2017. ↩

  • MINION: Securing Real-Time Microcontroller Systems through Customized Memory View Switching

    • Reference:

  • nesCheck

    • nesCheck1. Statically find all provable memory bugs and report them as errors; Statically find all potentially unsafe memory accesses, determine and exclude those that will never result in a memory corruption in a conservative way; report the remaining vulnerabilities as warnings; Dynamically instrument all remaining vulnerable location with runtime checks, and catch all memory errors at runtime. Related text with sil: Similar to CCured, nesCheck leverages more extensive static analysis and tailored runtime checks for wireless sensor network system (TinyOS)

  • uXOM

    • $\mu$XOM1: Efficient eXecute-Only Memory on ARM Cortex-M. USENIX Security, 2019. Background Code injection attacks: W$\oplus$X. Since virtually all processors today are equipped with at least five basic memory permissions: read-write-execute (RWX), read-write (RW), read-execute (RX), read-only (RO) and no-access (NA). W$\oplus$X can be efficiently enforced in hardware for a memory region solely by disabling RWX. Disclosure attacks: attemps to read part of or possibly the entire code. Code often contains intellectual properties (IPs) including core algorithems and sensitive data like cryptographic keys.

  • Rest

    • References: reference More

  • Safemem

    • References: Qin, Feng, Shan Lu, and Yuanyuan Zhou. “SafeMem: Exploiting ECC-memory for detecting memory leaks and memory corruption during production runs.” 11th International Symposium on High-Performance Computer Architecture. IEEE, 2005. More

  • Asan

    • References: K. Serebryany, D. Bruening, A. Potapenko, and D. Vyukov, “Addresssanitizer: A fast address sanity checker,” in ATC, 2012. reference Overview “[AddressSanitizer]”: use shaow memory to record whether each byte of application memory is safe to access; use instrumentation to check the shadow memory on each application load or store; more efficient than AddrCheck in Valgrind: use a more efficent shadow mapping; a more compact shadow encoding.

  1. reference
Created Oct 12, 2019 // Last Updated May 18, 2021

If you could revise
the fundmental principles of
computer system design
to improve security...

... what would you change?