Temporal memory safety bugs, especially use-after-free and double free bugs, pose a major security threat to C programs. Real-world exploits utilizing these bugs enable attackers to read and write arbitrary memory locations, causing disastrous violations of confidentiality, integrity, and availability. Many previous solutions retrofit temporal memory safety to C, but they all either incur high performance overhead and/or miss detecting certain types of temporal memory safety bugs. In this paper, we propose a temporal memory safety solution that is both efficient and comprehensive. Specifically, we extend Checked C, a spatially-safe extension to C, with temporally-safe pointers. These are implemented by combining two techniques: fat pointers and dynamic key-lock checks. We show that the fat-pointer solution significantly improves running time and memory overhead compared to the disjoint-metadata approach that provides the same level of protection. With empirical program data and hands-on experience porting real-world applications, we also show that our solution is practical in terms of backward compatibility -- one of the major complaints about fat pointers.
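To make the key-lock idea concrete, the following is an added, self-contained illustration written for this page; it is not the paper's or Checked C's implementation and it assumes its own representation (a `tptr_t` fat pointer carrying a raw address, a bound, a lock address and a key, plus a lock region that is never unmapped; all names are hypothetical). Each allocation receives a fresh key that is written into its lock word; every checked access compares the pointer's key with the lock word, so a dangling copy of a freed pointer is refused, a second free is refused, and reuse of a lock slot or of the underlying memory by a later allocation cannot revive a stale pointer because keys are never reused.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Lock region (constructed for this example): one word per live object, never unmapped,
 * so a stale pointer's lock address always stays readable. 0 means "no live object". */
#define MAX_LOCKS 1024
static uint64_t lock_words[MAX_LOCKS];
static size_t   lock_free[MAX_LOCKS];   /* stack of reusable slot indices */
static size_t   lock_free_top = 0;
static size_t   lock_next_fresh = 0;
static uint64_t next_key = 1;           /* keys are never reused */

static uint64_t *lock_alloc(void) {
    size_t slot;
    if (lock_free_top > 0)              slot = lock_free[--lock_free_top];
    else if (lock_next_fresh < MAX_LOCKS) slot = lock_next_fresh++;
    else return NULL;
    return &lock_words[slot];
}

static void lock_release(uint64_t *l) {
    lock_free[lock_free_top++] = (size_t)(l - lock_words);
}

/* Hypothetical fat pointer: raw address, byte length, lock address and key. */
typedef struct {
    char     *ptr;
    size_t    len;
    uint64_t *lock;
    uint64_t  key;
} tptr_t;

tptr_t t_malloc(size_t n) {
    tptr_t p = { NULL, 0, NULL, 0 };
    uint64_t *l = lock_alloc();
    if (!l) return p;
    char *mem = malloc(n);
    if (!mem) { lock_release(l); return p; }
    *l = next_key++;                    /* fresh key stored in the object's lock word */
    p.ptr = mem; p.len = n; p.lock = l; p.key = *l;
    return p;
}

/* Temporal check: the object is alive only while its lock word still equals our key. */
int t_valid(tptr_t p) { return p.ptr && p.lock && *p.lock == p.key; }

/* Checked accesses: temporal (key-lock) and spatial (bound) checks; 0 means refused. */
int t_store_byte(tptr_t p, size_t off, char v) {
    if (!t_valid(p) || off >= p.len) return 0;
    p.ptr[off] = v; return 1;
}
int t_load_byte(tptr_t p, size_t off, char *out) {
    if (!t_valid(p) || off >= p.len) return 0;
    *out = p.ptr[off]; return 1;
}

/* Free invalidates the lock word, which kills every pointer holding this key. */
int t_free(tptr_t p) {
    if (!t_valid(p)) return 0;          /* double free or stale pointer: refused */
    *p.lock = 0;
    lock_release(p.lock);
    free(p.ptr);
    return 1;
}

/* Returns 1 if the dangling copy was refused after the free. */
int demo_use_after_free(void) {
    tptr_t a = t_malloc(16);
    tptr_t alias = a;                   /* a retained copy, as a dangling pointer would be */
    t_store_byte(a, 0, 'x');
    t_free(a);
    char c;
    return t_load_byte(alias, 0, &c) == 0;
}

/* Returns 1 if the first free succeeds and the second is refused. */
int demo_double_free(void) {
    tptr_t a = t_malloc(16);
    int first = t_free(a);
    int second = t_free(a);
    return first == 1 && second == 0;
}

/* Returns 1 if reusing the lock slot (and possibly the memory) for a new object
 * leaves the old pointer dead while the new pointer is usable. */
int demo_slot_reuse(void) {
    tptr_t a = t_malloc(8);
    t_free(a);
    tptr_t b = t_malloc(8);             /* LIFO free list hands b the slot a used */
    int stale_rejected = !t_valid(a);
    int fresh_ok = t_valid(b);
    t_free(b);
    return stale_rejected && fresh_ok;
}

int main(void) {
    printf("use-after-free refused: %d\n", demo_use_after_free());
    printf("double free refused:    %d\n", demo_double_free());
    printf("slot reuse safe:        %d\n", demo_slot_reuse());
    return 0;
}
```

The cost model the abstract describes shows up directly: the metadata travels inside the pointer itself, so a check needs one extra load of the lock word rather than a lookup in a disjoint metadata table, and the only structure that must outlive objects is the lock region.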