Towards Comprehensive Memory Safety Using Memory Safety Validation
Dr. Trent Jaeger
Professor in the Computer Science and Engineering Department, UCR

Abstract: Researchers have rightfully been concerned with preventing memory errors, but in doing so have ignored methods to improve the security of the parts of a program that are already memory safe. We describe techniques to perform comprehensive memory safety validation, which identify the program objects whose accesses provably comply with all classes of memory safety. We have found that large fractions of program objects satisfy memory safety comprehensively, and that these fractions are increasing. Our results show that over 85% of stack objects and over 77% of heap objects across more than 1,200 Ubuntu Linux packages can be validated as satisfying memory safety comprehensively. We discuss some immediate benefits that can be realized by leveraging these results, such as low-overhead protection from memory errors, and some potential benefits to explore in the future. Finally, we discuss directions for using the knowledge gained from comprehensive memory safety validation to prevent memory errors in accesses to the remaining, unsafe objects.
Bio: Trent Jaeger is a Professor in the Computer Science and Engineering Department at the University of California, Riverside. Trent’s primary research interests are operating systems and software security. He has published over 180 refereed research papers and the book, “Operating Systems Security,” which has been taught in universities worldwide. Trent has made significant security contributions to the open-source security community, particularly for the Linux kernel. His research has been recognized with the ACM SIGSAC Outstanding Contributions Award in 2020. He is an ACM and IEEE Fellow.
Website: https://www.trentjaeger.com/