How to Secure Existing C and C++ Software without Memory Safety

• URL: http://arxiv.org/abs/2503.21145v1
• Date: Thu, 27 Mar 2025 04:20:47 GMT
• Title: How to Secure Existing C and C++ Software without Memory Safety
• Authors: Úlfar Erlingsson,
• Abstract summary: For C and C++ software, attackers can exploit most bugs and vulnerabilities to gain full, unfettered control of software behavior.<n>This security benefit can be had for unmodified C/C++ software, without per-application effort.<n>To eliminate these interleavings, there already exist compiler and runtime mechanisms that incur little overhead and need no special hardware or platform support.
• Score: 1.5591858554014466
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The most important security benefit of software memory safety is easy to state: for C and C++ software, attackers can exploit most bugs and vulnerabilities to gain full, unfettered control of software behavior, whereas this is not true for most bugs in memory-safe software. Fortunately, this security benefit -- most bugs don't give attackers full control -- can be had for unmodified C/C++ software, without per-application effort. This doesn't require trying to establish memory safety; instead, it is sufficient to eliminate most of the combinatorial ways in which software with corrupted memory can execute. To eliminate these interleavings, there already exist practical compiler and runtime mechanisms that incur little overhead and need no special hardware or platform support. Each of the mechanisms described here is already in production use, at scale, on one or more platforms. By supporting their combined use in development toolchains, the security of all C and C++ software against remote code execution attacks can be rapidly, and dramatically, improved.

Related papers

• CRUST-Bench: A Comprehensive Benchmark for C-to-safe-Rust Transpilation [63.23120252801889]
  CRUST-Bench is a dataset of 100 C repositories, each paired with manually-written interfaces in safe Rust as well as test cases. We evaluate state-of-the-art large language models (LLMs) on this task and find that safe and idiomatic Rust generation is still a challenging problem. The best performing model, OpenAI o1, is able to solve only 15 tasks in a single-shot setting.
  arXiv  Detail & Related papers  (2025-04-21T17:33:33Z)
• Preventing Rowhammer Exploits via Low-Cost Domain-Aware Memory Allocation [46.268703252557316]
  Rowhammer is a hardware security vulnerability at the heart of every system with modern DRAM-based memory. C Citadel is a new memory allocator design that prevents Rowhammer-initiated security exploits. C Citadel supports thousands of security domains at a modest 7.4% average memory overhead and no performance loss.
  arXiv  Detail & Related papers  (2024-09-23T18:41:14Z)
• Fully Randomized Pointers [7.1754940591892735]
  We propose Fully Randomized Pointers (FRP) as a stronger memory error defense that is resistant to even brute force attacks. The key idea is to fully randomize pointer bits -- as much as possible -- while also preserving binary compatibility. We show that FRP is secure, practical, and compatible at the binary level, while a hardware implementation can achieve low performance overheads.
  arXiv  Detail & Related papers  (2024-05-21T05:54:27Z)
• Improving Program Debloating with 1-DU Chain Minimality [47.73151075716047]
  We present RLDebloatDU, an innovative debloating technique that employs 1-DU chain minimality within abstract syntax trees. Our approach maintains essential program data dependencies, striking a balance between aggressive code reduction and the preservation of program semantics.
  arXiv  Detail & Related papers  (2024-02-01T02:00:32Z)
• HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs) TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
  arXiv  Detail & Related papers  (2024-01-17T00:56:23Z)
• GWP-ASan: Sampling-Based Detection of Memory-Safety Bugs in Production [30.534320345970286]
  heap-use-after-free and heap-buffer-overflow bugs remain the primary problem for security, reliability, and developer productivity for applications written in C or C++. This paper describes a family of tools that detect these two classes of memory-safety bugs, while running in production, at near-zero overhead.
  arXiv  Detail & Related papers  (2023-11-15T21:41:53Z)
• Evil from Within: Machine Learning Backdoors through Hardware Trojans [51.81518799463544]
  Backdoors pose a serious threat to machine learning, as they can compromise the integrity of security-critical systems, such as self-driving cars.<n>We introduce a backdoor attack that completely resides within a common hardware accelerator for machine learning.<n>We demonstrate the practical feasibility of our attack by implanting our hardware trojan into the Xilinx Vitis AI DPU.
  arXiv  Detail & Related papers  (2023-04-17T16:24:48Z)
• Learning Performance-Improving Code Edits [107.21538852090208]
  We introduce a framework for adapting large language models (LLMs) to high-level program optimization. First, we curate a dataset of performance-improving edits made by human programmers of over 77,000 competitive C++ programming submission pairs. For prompting, we propose retrieval-based few-shot prompting and chain-of-thought, and for finetuning, these include performance-conditioned generation and synthetic data augmentation based on self-play.
  arXiv  Detail & Related papers  (2023-02-15T18:59:21Z)
• Securing Optimized Code Against Power Side Channels [1.589424114251205]
  Security engineers often sacrifice code efficiency by turning off compiler optimization and/or performing local, post-compilation transformations. This paper proposes SecConCG, a constraint-based compiler approach that generates optimized yet secure code.
  arXiv  Detail & Related papers  (2022-07-06T12:06:28Z)
• CryptSan: Leveraging ARM Pointer Authentication for Memory Safety in C/C++ [0.9208007322096532]
  CryptSan is a memory safety approach based on ARM Pointer Authentication. We present a full LLVM-based prototype implementation, running on an M1 MacBook Pro. This, together with its interoperability with uninstrumented libraries and cryptographic protection against attacks on metadata, makes CryptSan a viable solution for retrofitting memory safety to C/C++ programs.
  arXiv  Detail & Related papers  (2022-02-17T14:04:01Z)
• SafePILCO: a software tool for safe and data-efficient policy synthesis [67.17251247987187]
  SafePILCO is a software tool for safe and data-efficient policy search with reinforcement learning. It extends the known PILCO algorithm, originally written in Python, to support safe learning.
  arXiv  Detail & Related papers  (2020-08-07T17:17:30Z)
• Breaking Type Safety in Go: An Empirical Study on the Usage of the unsafe Package [3.548075273599941]
  We present the first large-scale study on the usage of the unsafe package in 2,438 popular Go projects. Our investigation shows that unsafe is used in 24% of Go projects, motivated primarily by communicating with operating systems and C code. We report a series of real issues faced by projects that use unsafe, from crashing errors and non-deterministic behavior to having their deployment restricted.
  arXiv  Detail & Related papers  (2020-06-17T16:38:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.