Standard

Temporal safety for stack allocated memory on capability machines. / Tsampas, Stelios; Devriese, Dominique; Piessens, Frank.

32nd IEEE Computer Security Foundations Symposium. IEEE, 2019. p. 243-255 (IEEE Computer Security Foundations Symposium (CSF)).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › Research

Harvard

Tsampas, S, Devriese, D & Piessens, F 2019, Temporal safety for stack allocated memory on capability machines. in 32nd IEEE Computer Security Foundations Symposium. IEEE Computer Security Foundations Symposium (CSF), IEEE, pp. 243-255, 32nd IEEE Computer Security Foundations Symposium, Hoboken, NJ, United States, 25/06/19. https://doi.org/10.1109/CSF.2019.00024

APA

Tsampas, S., Devriese, D., & Piessens, F. (2019). Temporal safety for stack allocated memory on capability machines. In 32nd IEEE Computer Security Foundations Symposium (pp. 243-255). (IEEE Computer Security Foundations Symposium (CSF)). IEEE. https://doi.org/10.1109/CSF.2019.00024

Vancouver

Tsampas S, Devriese D, Piessens F. Temporal safety for stack allocated memory on capability machines. In 32nd IEEE Computer Security Foundations Symposium. IEEE. 2019. p. 243-255. (IEEE Computer Security Foundations Symposium (CSF)). https://doi.org/10.1109/CSF.2019.00024

Author

Tsampas, Stelios ; Devriese, Dominique ; Piessens, Frank. / Temporal safety for stack allocated memory on capability machines. 32nd IEEE Computer Security Foundations Symposium. IEEE, 2019. pp. 243-255 (IEEE Computer Security Foundations Symposium (CSF)).

BibTeX

@inproceedings{c5e33e8d217f451c93bbe19c252ac2f5,
title = "Temporal safety for stack allocated memory on capability machines",
abstract = "Memory capabilities as supported in capability machines are very similar to fat pointers, and hence are very useful for the efficient enforcement of spatial memory safety. Enforcing temporal memory safety however, is more challenging. This paper investigates an approach to enforce temporal memory safety for stack-allocated memory in C-like languages by extending capabilities with a simple dynamic mechanism. This mechanism ensures that capabilities with a certain lifetime can only be stored in memory that has a longer lifetime. Our mechanism prevents temporal memory safety violations, yet is sufficiently permissive to allow typical C coding idioms where addresses of local variables are passed up the call stack. We formalize the desired behavior of a simple C-like language as a dependently typed operational semantics, and we show that existing compilers to capability machines do not simulate this desired behavior: they either have to break temporal safety, or they have to defensively rule out allowed behaviors. Finally, we show that with our proposed dynamic mechanism, our compiler is fully abstract.",
keywords = "capabilities, temporal memory safety, machine-checked proof",
author = "Stelios Tsampas and Dominique Devriese and Frank Piessens",
year = "2019",
month = "6",
doi = "10.1109/CSF.2019.00024",
language = "English",
isbn = "978-1-7281-1408-8",
series = "IEEE Computer Security Foundations Symposium (CSF)",
publisher = "IEEE",
pages = "243--255",
booktitle = "32nd IEEE Computer Security Foundations Symposium",

}

RIS

TY - GEN

T1 - Temporal safety for stack allocated memory on capability machines

AU - Tsampas, Stelios

AU - Devriese, Dominique

AU - Piessens, Frank

PY - 2019/6

Y1 - 2019/6

N2 - Memory capabilities as supported in capability machines are very similar to fat pointers, and hence are very useful for the efficient enforcement of spatial memory safety. Enforcing temporal memory safety however, is more challenging. This paper investigates an approach to enforce temporal memory safety for stack-allocated memory in C-like languages by extending capabilities with a simple dynamic mechanism. This mechanism ensures that capabilities with a certain lifetime can only be stored in memory that has a longer lifetime. Our mechanism prevents temporal memory safety violations, yet is sufficiently permissive to allow typical C coding idioms where addresses of local variables are passed up the call stack. We formalize the desired behavior of a simple C-like language as a dependently typed operational semantics, and we show that existing compilers to capability machines do not simulate this desired behavior: they either have to break temporal safety, or they have to defensively rule out allowed behaviors. Finally, we show that with our proposed dynamic mechanism, our compiler is fully abstract.

AB - Memory capabilities as supported in capability machines are very similar to fat pointers, and hence are very useful for the efficient enforcement of spatial memory safety. Enforcing temporal memory safety however, is more challenging. This paper investigates an approach to enforce temporal memory safety for stack-allocated memory in C-like languages by extending capabilities with a simple dynamic mechanism. This mechanism ensures that capabilities with a certain lifetime can only be stored in memory that has a longer lifetime. Our mechanism prevents temporal memory safety violations, yet is sufficiently permissive to allow typical C coding idioms where addresses of local variables are passed up the call stack. We formalize the desired behavior of a simple C-like language as a dependently typed operational semantics, and we show that existing compilers to capability machines do not simulate this desired behavior: they either have to break temporal safety, or they have to defensively rule out allowed behaviors. Finally, we show that with our proposed dynamic mechanism, our compiler is fully abstract.

KW - capabilities

KW - temporal memory safety

KW - machine-checked proof

U2 - 10.1109/CSF.2019.00024

DO - 10.1109/CSF.2019.00024

M3 - Conference paper

SN - 978-1-7281-1408-8

T3 - IEEE Computer Security Foundations Symposium (CSF)

SP - 243

EP - 255

BT - 32nd IEEE Computer Security Foundations Symposium

PB - IEEE

ER -

ID: 46086359
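The store-time rule that the abstract describes, shown as an added example. This is not code from the paper, its formalization or its compiler, and it does not reproduce the paper's semantics; it only illustrates the one-line rule quoted in the abstract. A capability's lifetime is modelled as the depth of the stack frame that owns the object it points to (globals at depth 0), a memory slot that can hold a capability carries the depth of its owning frame, and a store is accepted only when the slot's frame is at least as deep as the capability's, so the slot dies no later than the object. Reading the rule as "at least as long" rather than the abstract's "longer" is an assumption made so that storing a pointer to a local in the same frame still works; the precise rule is in the paper. The `cap_t` and `cap_slot_t` types, the scenario functions and the frame-depth encoding are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example (not the paper's code): a capability is a pointer plus a
 * lifetime tag. Lifetime is encoded here as the depth of the stack frame that
 * owns the pointee; 0 means global, deeper frames die first. */
typedef struct {
    void *ptr;          /* address the capability grants access to */
    unsigned lifetime;  /* depth of the frame that owns *ptr */
} cap_t;

/* A memory slot that can hold a capability. The slot lives in some frame too,
 * so it carries the depth of that frame. */
typedef struct {
    cap_t held;
    bool valid;         /* false: nothing stored, or the store was refused */
    unsigned lifetime;  /* depth of the frame that owns the slot */
} cap_slot_t;

/* The dynamic check: a capability may only be stored in a slot that lives at
 * least as long as the object it points to. With depth as lifetime, that means
 * the slot's depth must be >= the capability's depth. */
bool cap_store_allowed(unsigned slot_lifetime, unsigned cap_lifetime) {
    return slot_lifetime >= cap_lifetime;
}

/* Checked store; returns whether the store was performed. A capability machine
 * would trap on refusal; here we report it so the scenarios can be inspected. */
bool cap_store(cap_slot_t *slot, cap_t cap) {
    if (!cap_store_allowed(slot->lifetime, cap.lifetime)) {
        slot->valid = false;
        return false;
    }
    slot->held = cap;
    slot->valid = true;
    return true;
}

/* Scenario 1, the permitted idiom: a caller at depth 1 hands the address of
 * its local to a callee at depth 2, which keeps it in a slot of its own frame.
 * The slot dies before the object, so the store is accepted. */
static bool callee_keeps_arg(cap_t arg) {
    cap_slot_t local_slot = { .valid = false, .lifetime = 2 };
    return cap_store(&local_slot, arg);
}
bool scenario_pass_local_to_callee(void) {
    int x = 42;                                 /* owned by frame depth 1 */
    cap_t cap_x = { .ptr = &x, .lifetime = 1 };
    return callee_keeps_arg(cap_x);             /* accepted */
}

/* Scenario 2, the use-after-return pattern: the callee at depth 2 tries to
 * publish the address of its own local through an out-slot owned by the
 * caller at depth 1. The slot outlives the object, so the store is refused
 * before a dangling stack pointer can exist. */
static bool callee_leaks_local(cap_slot_t *out) {
    int y = 7;                                  /* owned by frame depth 2 */
    cap_t cap_y = { .ptr = &y, .lifetime = 2 };
    return cap_store(out, cap_y);
}
bool scenario_escape_to_caller(void) {
    cap_slot_t caller_slot = { .valid = false, .lifetime = 1 };
    bool stored = callee_leaks_local(&caller_slot);
    /* caller_slot.valid stays false: no capability to the dead frame was kept */
    return stored;                              /* refused */
}

/* Scenario 3: escaping a stack address into a global slot (depth 0) is
 * refused for the same reason. */
static cap_slot_t global_slot = { .valid = false, .lifetime = 0 };
bool scenario_escape_to_global(void) {
    int z = 1;                                  /* owned by frame depth 3 */
    cap_t cap_z = { .ptr = &z, .lifetime = 3 };
    return cap_store(&global_slot, cap_z);      /* refused */
}

int main(void) {
    printf("pass local to callee: %s\n",
           scenario_pass_local_to_callee() ? "accepted" : "refused");
    printf("escape to caller:     %s\n",
           scenario_escape_to_caller() ? "accepted" : "refused");
    printf("escape to global:     %s\n",
           scenario_escape_to_global() ? "accepted" : "refused");
    return 0;
}
```

Build and run with `cc -std=c11 -Wall lifetime_check.c && ./a.out` (file name assumed). The first scenario is accepted; the two escape scenarios are refused at the store instruction, which is the point at which a pointer into a frame that is about to die would otherwise be created. Note that a simpler spatial-only capability machine would accept all three stores and only fail later, if at all, on a use of the stale pointer.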