The undefined quest for full memory safety
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018. === This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. === Cataloged from student-s...
Main Author: | |
---|---|
Other Authors: | |
Format: | Others |
Language: | English |
Published: |
Massachusetts Institute of Technology
2018
|
Subjects: | |
Online Access: | http://hdl.handle.net/1721.1/119551 |
id |
ndltd-MIT-oai-dspace.mit.edu-1721.1-119551 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-MIT-oai-dspace.mit.edu-1721.1-1195512019-05-02T16:16:35Z The undefined quest for full memory safety Gil, Ronald, M. Eng. Massachusetts Institute of Technology Howard E. Shrobe and Hamed Okhravi. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. Electrical Engineering and Computer Science. Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (pages 59-64). In this thesis, we explore full memory safety and the various intricacies involved. We analyze existing memory safety techniques in both hardware and software and their many different goals. This task involves determining the limits of the protections guaranteed by these different protection systems, regardless of whether they were explicitly or implicitly stated. It is demonstrated that the common software technique of protecting only allocation bounds does not provide nearly enough of a barrier for attackers. Then, we go beyond particular schemes and examine the limitations of languages, C in particular. We discover many corner cases and ambiguities that prevent even the best possible protection system from providing full memory safety in the context of the C language specification. We also collect some results for the prevalence of these issues, present approaches to further analyze them, and consider how they might extend into other languages or systems. by Ronald Gil. M. Eng. 2018-12-11T20:39:47Z 2018-12-11T20:39:47Z 2018 2018 Thesis http://hdl.handle.net/1721.1/119551 1076273115 eng MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. http://dspace.mit.edu/handle/1721.1/7582 64 pages application/pdf Massachusetts Institute of Technology |
collection |
NDLTD |
language |
English |
format |
Others
|
sources |
NDLTD |
topic |
Electrical Engineering and Computer Science. |
spellingShingle |
Electrical Engineering and Computer Science. Gil, Ronald, M. Eng. Massachusetts Institute of Technology The undefined quest for full memory safety |
description |
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018. === This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. === Cataloged from student-submitted PDF version of thesis. === Includes bibliographical references (pages 59-64). === In this thesis, we explore full memory safety and the various intricacies involved. We analyze existing memory safety techniques in both hardware and software and their many different goals. This task involves determining the limits of the protections guaranteed by these different protection systems, regardless of whether they were explicitly or implicitly stated. It is demonstrated that the common software technique of protecting only allocation bounds does not provide nearly enough of a barrier for attackers. Then, we go beyond particular schemes and examine the limitations of languages, C in particular. We discover many corner cases and ambiguities that prevent even the best possible protection system from providing full memory safety in the context of the C language specification. We also collect some results for the prevalence of these issues, present approaches to further analyze them, and consider how they might extend into other languages or systems. === by Ronald Gil. === M. Eng. |
author2 |
Howard E. Shrobe and Hamed Okhravi. |
author_facet |
Howard E. Shrobe and Hamed Okhravi. Gil, Ronald, M. Eng. Massachusetts Institute of Technology |
author |
Gil, Ronald, M. Eng. Massachusetts Institute of Technology |
author_sort |
Gil, Ronald, M. Eng. Massachusetts Institute of Technology |
title |
The undefined quest for full memory safety |
title_short |
The undefined quest for full memory safety |
title_full |
The undefined quest for full memory safety |
title_fullStr |
The undefined quest for full memory safety |
title_full_unstemmed |
The undefined quest for full memory safety |
title_sort |
undefined quest for full memory safety |
publisher |
Massachusetts Institute of Technology |
publishDate |
2018 |
url |
http://hdl.handle.net/1721.1/119551 |
work_keys_str_mv |
AT gilronaldmengmassachusettsinstituteoftechnology theundefinedquestforfullmemorysafety AT gilronaldmengmassachusettsinstituteoftechnology undefinedquestforfullmemorysafety |
_version_ |
1719037740455034880 |