Temporal memory safety bugs, especially use-after-free and double-free bugs, pose a major security threat to C programs. Real-world exploits of these bugs let attackers read and write arbitrary memory locations, with disastrous consequences for confidentiality, integrity, and availability. Many previous solutions retrofit temporal memory safety onto C, but each of them incurs high performance overhead, fails to detect certain classes of temporal memory safety bugs, or both. In this paper, we propose a temporal memory safety solution that is both efficient and comprehensive. Specifically, we extend Checked C, a spatially safe extension of C, with temporally safe pointers, implemented by combining two techniques: fat pointers and dynamic key-lock checks. We show that the fat-pointer design significantly reduces running time and memory overhead compared to a disjoint-metadata design that provides the same level of protection. With empirical program data and hands-on experience porting real-world applications, we also show that our solution is practical with respect to backward compatibility, one of the major complaints about fat pointers.
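To make the fat-pointer plus key-lock mechanism named above concrete, here is an added illustration in plain C. It is not Checked C's implementation and not code from the paper: the names (`tptr`, `tmalloc`, `tfree`, `tcheck`, `tstore`, `tload`), the fixed-size lock table and the monotonically increasing key counter are all assumptions chosen to keep the example self-contained. The essential points it demonstrates are the ones a practitioner should check in any lock-and-key scheme: every copy of a pointer carries the key it was issued with, the lock lives in memory that is never returned to the allocator (so reusing the freed address cannot resurrect it), keys are never reused, and freeing clears the lock so that all aliases of the freed pointer fail their next check. The `size` field stands in for the spatial bound that Checked C already tracks; a disjoint-metadata design would instead look up the same key and bound through a side table indexed by address on every access, which is the cost the abstract compares against.

```c
/* Added example: lock-and-key temporal checks carried in a fat pointer.
 * Not Checked C's code; every name and the fixed lock table are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Locks live in a table that is never handed back to malloc/free, so whatever
 * the allocator later places at a freed object's address cannot overwrite the
 * lock. A fixed array is an assumption made for brevity. */
#define MAX_LOCKS 4096
static uint64_t lock_table[MAX_LOCKS];
static size_t   next_lock;      /* next unused lock slot (slots are never reused) */
static uint64_t next_key = 1;   /* key 0 is reserved for "never valid" */

/* Fat pointer: the raw address plus the metadata both checks need. */
typedef struct {
    uint8_t  *base;   /* start of the allocation */
    size_t    size;   /* bytes reachable from base (spatial bound) */
    uint64_t *lock;   /* lock slot assigned to this allocation */
    uint64_t  key;    /* key this pointer (and every copy of it) was issued with */
} tptr;

/* Allocate n bytes and issue a fresh key/lock pair for the new object. */
tptr tmalloc(size_t n)
{
    tptr p = {0};                               /* base == NULL: null fat pointer */
    if (next_lock >= MAX_LOCKS) return p;       /* out of lock slots */
    p.base = malloc(n);
    if (p.base == NULL) return p;
    p.size = n;
    p.lock = &lock_table[next_lock++];
    p.key  = next_key++;                        /* keys are never reused */
    *p.lock = p.key;
    return p;
}

/* Combined check: the lock still holds this pointer's key (temporal) and
 * [off, off + n) lies inside the allocation (spatial). */
bool tcheck(const tptr *p, size_t off, size_t n)
{
    if (p->base == NULL || p->lock == NULL) return false;
    if (*p->lock != p->key) return false;       /* freed (lock cleared) or stale */
    if (off > p->size || n > p->size - off) return false;
    return true;
}

/* Free through the fat pointer. Returns 0 on success, -1 on a double free or a
 * stale pointer. Clearing the lock revokes every alias at once; base is left
 * as-is to show that the lock check, not pointer nulling, is what protects us. */
int tfree(tptr *p)
{
    if (!tcheck(p, 0, 0)) return -1;
    *p->lock = 0;
    free(p->base);
    return 0;
}

/* Checked store and load; -1 signals a violation instead of touching memory. */
int tstore(const tptr *p, size_t off, const void *src, size_t n)
{
    if (!tcheck(p, off, n)) return -1;
    memcpy(p->base + off, src, n);
    return 0;
}

int tload(const tptr *p, size_t off, void *dst, size_t n)
{
    if (!tcheck(p, off, n)) return -1;
    memcpy(dst, p->base + off, n);
    return 0;
}

/* Exercise the failure modes the abstract lists. Returns the number of
 * violations detected (4 when everything works), or -1 if a legitimate
 * operation was wrongly rejected. */
int demo_violations(void)
{
    int detected = 0;
    uint8_t byte = 0x41;
    tptr a = tmalloc(16);
    tptr alias = a;                              /* a second copy of the same pointer */

    if (tstore(&a, 0, &byte, 1) != 0) return -1; /* valid write must pass */
    if (tfree(&a) != 0) return -1;               /* first free must pass */

    if (tload(&alias, 0, &byte, 1) == -1) detected++;   /* use-after-free via alias */
    if (tfree(&alias) == -1) detected++;                 /* double free via alias */

    tptr b = tmalloc(16);   /* may reuse a's address, but gets a new key and lock */
    if (tstore(&alias, 0, &byte, 1) == -1) detected++;  /* stale pointer into reused memory */
    if (tstore(&b, 16, &byte, 1) == -1) detected++;     /* one past the end: spatial check */
    if (tfree(&b) != 0) return -1;
    return detected;
}

int main(void)
{
    printf("violations detected: %d\n", demo_violations());
    return 0;
}
```

Two details matter more than the code volume. First, `tmalloc` never reuses a key and never reuses a lock slot, so a pointer that outlives its object cannot accidentally match a later allocation that happens to land at the same address. Second, `tfree` revokes by clearing the shared lock rather than by nulling the pointer it was handed, because the dangerous copies are the ones it was not handed (struct fields, cached pointers in other modules); that is precisely the aliasing problem that makes use-after-free hard to find by local inspection.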