The undefined quest for full memory safety
DownloadFull printable version (1.296Mb)
Other Contributors
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
Advisor
Howard E. Shrobe and Hamed Okhravi.
Terms of use
Metadata
Show full item recordAbstract
In this thesis, we explore full memory safety and the various intricacies involved. We analyze existing memory safety techniques in both hardware and software and their many different goals. This task involves determining the limits of the protections guaranteed by these different protection systems, regardless of whether they were explicitly or implicitly stated. It is demonstrated that the common software technique of protecting only allocation bounds does not provide nearly enough of a barrier for attackers. Then, we go beyond particular schemes and examine the limitations of languages, C in particular. We discover many corner cases and ambiguities that prevent even the best possible protection system from providing full memory safety in the context of the C language specification. We also collect some results for the prevalence of these issues, present approaches to further analyze them, and consider how they might extend into other languages or systems.
Description
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (pages 59-64).
Date issued
2018Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer SciencePublisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.