Memory Safety for Today’s Languages and Architectures
Memory safety vulnerabilities remain one of the most critical sources of exploitable security problems in today’s software. Despite the growing popularity of modern, memory-safe languages, much of today’s software remains written in C and C++, which are prone to these vulnerabilities; and rewriting all of this C and C++ code would be prohibitively expensive and time-consuming. At the same time, microarchitectural side-channel attacks threaten to violate memory safety in increasingly complex ways. But, new languages such as WebAssembly (Wasm), and new hardware features such as ARM MTE, give programmers new tools in the fight against memory safety vulnerabilities — and with clever use of these tools, we can obtain strong security guarantees for today’s software.
In this dissertation, we present a variety of tools for improving memory safety for today’s C and C++ codebases, on today’s side-channel-prone microarchitectures. In the domain of finding memory-safety vulnerabilities, we first demonstrate how new microarchitectural features sometimes introduce new side-channel attacks (Chapter 1); then, we present program analysis tools which help keep programs secure from that class of side-channel attacks (Chapter 2) and from a newer and particularly relevant class of side-channel attacks, Spectre attacks (Chapter 3). In the remainder of the dissertation, we focus on automatically preventing memory-safety vulnerabilities. We systematically compare and critique proposed software-based defenses against Spectre (Chapter 4); then we present one such defense, a tool which automatically and efficiently secures cryptographic programs against Spectre (Chapter 5). Starting with Chapter 6, we return to non-side-channel memory-safety vulnerabilities, proposing an extension to Wasm which provides memory safety even inside its software sandbox; and finally, in Chapter 7, we present a compiler-based defense which works in conjunction with ARM MTE to automatically secure C and C++ programs from spatial memory-safety vulnerabilities.