Fast, compatible, complete memory safety for C programs



Bibliographic Details
Main Author: Davis, Eli Bristol
Other Authors: Martin C. Rinard and Stelios Sidiroglou-Douskos
Format: Others
Language: English
Published: Massachusetts Institute of Technology, 2017
Subjects:
Online Access: http://hdl.handle.net/1721.1/112860
Description
Summary: Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2016. Cataloged from PDF version of thesis. Includes bibliographical references (pages 95-97).

The lack of memory safety in C/C++ programs is one of, if not the, most persistent and costly sources of program exploits. Attacks based on memory corruption can range from the reading of private data to a complete hostile takeover of a process. While many solutions to this problem have been proposed, it is as of yet unsolved: as old memory corruption attacks are rendered obsolete, new attacks continually spring up. This lack of success is largely due to the trade-offs that memory safety solutions make between completeness, compatibility, and overhead. There is no single solution with all three properties, and a solution must have all three in order to once and for all solve the lack of memory safety in C programs: if a solution is incomplete, attackers will find a workaround; unless it is backwards compatible and low-overhead, it will not be deployed in production. My goal for this thesis was to take an existing system which is close to having all three properties, and add the missing property. I chose to work with SoftBoundCETS, an LLVM pass which is already complete and backwards compatible, but has high runtime overhead. In this thesis, I take SoftBoundCETS and heavily optimize its runtime, reducing its total overhead by half. I split the original pass into two separate passes (one to mark which instructions are to be instrumented and the second to do the actual instrumentation) and then insert several optimization passes between them. I test my results on selected benchmarks from SPEC2000 and SPEC2006, and create a virtual machine image which allows my results to be reliably reproduced. Lastly, I propose a number of further optimizations which would allow SoftBoundCETS to achieve low enough overhead to be used in a mid-performance production system.

by Eli Bristol Davis. M. Eng.