Temporal Safety for Stack Allocated Memory on Capability Machines

2019 IEEE 32nd Computer Security Foundations Symposium (CSF) Pub Date : 2019-06-01 DOI:10.1109/CSF.2019.00024

Stelios Tsampas, Dominique Devriese, F. Piessens

{"title":"Temporal Safety for Stack Allocated Memory on Capability Machines","authors":"Stelios Tsampas, Dominique Devriese, F. Piessens","doi":"10.1109/CSF.2019.00024","DOIUrl":null,"url":null,"abstract":"Memory capabilities as supported in capability machines are very similar to fat pointers, and hence are very useful for the efficient enforcement of spatial memory safety. Enforcing temporal memory safety however, is more challenging. This paper investigates an approach to enforce temporal memory safety for stack-allocated memory in C-like languages by extending capabilities with a simple dynamic mechanism. This mechanism ensures that capabilities with a certain lifetime can only be stored in memory that has a longer lifetime. Our mechanism prevents temporal memory safety violations, yet is sufficiently permissive to allow typical C coding idioms where addresses of local variables are passed up the call stack. We formalize the desired behavior of a simple C-like language as a dependently typed operational semantics, and we show that existing compilers to capability machines do not simulate this desired behavior: they either have to break temporal safety, or they have to defensively rule out allowed behaviors. Finally, we show that with our proposed dynamic mechanism, our compiler is fully abstract.","PeriodicalId":249093,"journal":{"name":"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 32nd Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF.2019.00024","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

Memory capabilities as supported in capability machines are very similar to fat pointers, and hence are very useful for the efficient enforcement of spatial memory safety. Enforcing temporal memory safety however, is more challenging. This paper investigates an approach to enforce temporal memory safety for stack-allocated memory in C-like languages by extending capabilities with a simple dynamic mechanism. This mechanism ensures that capabilities with a certain lifetime can only be stored in memory that has a longer lifetime. Our mechanism prevents temporal memory safety violations, yet is sufficiently permissive to allow typical C coding idioms where addresses of local variables are passed up the call stack. We formalize the desired behavior of a simple C-like language as a dependently typed operational semantics, and we show that existing compilers to capability machines do not simulate this desired behavior: they either have to break temporal safety, or they have to defensively rule out allowed behaviors. Finally, we show that with our proposed dynamic mechanism, our compiler is fully abstract.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

能力机器上堆栈分配内存的时间安全性

功能机器中支持的内存功能与fat指针非常相似，因此对于有效地执行空间内存安全性非常有用。然而，执行临时内存安全性更具挑战性。本文研究了一种在类c语言中通过简单的动态机制扩展功能来增强堆栈分配内存的临时内存安全性的方法。此机制确保具有特定生存期的功能只能存储在具有更长的生存期的内存中。我们的机制防止了违反时间内存安全的情况，但也足够允许典型的C编码习惯，即局部变量的地址向上传递到调用堆栈。我们将简单的类c语言的期望行为形式化为依赖类型的操作语义，并且我们展示了现有的功能机器编译器不能模拟这种期望的行为:它们要么必须破坏时态安全性，要么必须防御地排除允许的行为。最后，我们证明了采用我们提出的动态机制，我们的编译器是完全抽象的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

自引率

0.00%

发文量