Why is memory safety still a concern?

Abstract

Languages like C and C++ are the gold standard for implementing a wide range of software systems such as safety-critical firmware, operating system kernels, and network protocol stacks, for performance and flexibility reasons. As those languages do not guarantee the validity of memory accesses (i.e., they do not enforce memory safety), seemingly benign program bugs can lead to silent memory corruption, difficult-to-diagnose crashes, and, most importantly, security exploitation. Attackers can compromise the security of the whole computing ecosystem by exploiting a memory safety error with a suitably crafted input. Since the spread of the Morris worm in 1988, and despite massive advances in memory safety error mitigations, memory safety errors have risen to be the most exploited vulnerabilities.
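To make the "seemingly benign bug leads to silent corruption" point concrete, here is an added example (not code from the abstract or its author). It assumes a constructed record layout in which a fixed-size name field is immediately followed by a one-byte privilege flag; the record is placed inside a larger arena so every write stays within a real C object and the outcome is deterministic. An unchecked copy of an input one byte longer than the field flips the flag without any crash or error, while a bounds-checked copy rejects the same input and leaves the record untouched.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the page. Constructed record layout: a fixed-size name
 * field immediately followed by a one-byte privilege flag. The record lives inside
 * a larger arena so that every write stays within a real C object and the
 * demonstration is deterministic rather than undefined behaviour. */
#define NAME_LEN   16
#define FLAG_OFF   NAME_LEN            /* flag sits right after the name field */
#define ARENA_LEN  64

/* Vulnerable version: copies however many bytes the caller supplies.
 * Nothing compares len against NAME_LEN, so a long input silently spills
 * into whatever follows the field. */
static void set_name_unchecked(uint8_t *rec, const uint8_t *src, size_t len) {
    memcpy(rec, src, len);
}

/* Hardened version: rejects input that does not fit the field.
 * Returns 1 if the copy was performed, 0 if the input was rejected. */
static int set_name_checked(uint8_t *rec, const uint8_t *src, size_t len) {
    if (len > NAME_LEN)
        return 0;
    memcpy(rec, src, len);
    return 1;
}

/* Constructed input: 16 filler bytes followed by a 0x01 byte, i.e. one byte
 * longer than the name field. A 17-byte copy lands exactly on the flag. */
static const uint8_t oversized_input[17] = {
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A', 0x01
};

/* Runs the unchecked copy on a zeroed record and returns the flag afterwards. */
int flag_after_unchecked(void) {
    uint8_t arena[ARENA_LEN] = {0};
    set_name_unchecked(arena, oversized_input, sizeof oversized_input);
    return arena[FLAG_OFF];            /* 1: privilege flag silently flipped */
}

/* Runs the checked copy on a zeroed record and returns the flag afterwards. */
int flag_after_checked(void) {
    uint8_t arena[ARENA_LEN] = {0};
    (void)set_name_checked(arena, oversized_input, sizeof oversized_input);
    return arena[FLAG_OFF];            /* 0: record untouched */
}

/* Reports whether the checked copy accepted the oversized input. */
int checked_copy_accepted(void) {
    uint8_t arena[ARENA_LEN] = {0};
    return set_name_checked(arena, oversized_input, sizeof oversized_input);
}

int main(void) {
    int unchecked_flag = flag_after_unchecked();
    int checked_flag = flag_after_checked();
    int accepted = checked_copy_accepted();
    printf("unchecked: flag=%d\n", unchecked_flag);
    printf("checked:   flag=%d accepted=%d\n", checked_flag, accepted);
    return 0;
}
```

The unchecked path produces no diagnostic at all, which is exactly why such bugs survive testing and why the abstract argues for enforcing access validity in hardware rather than relying on every copy site remembering its own check.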

As part of my research studies at Columbia, I have worked on designing and implementing hardware primitives that provide fine-grained memory safety protection with low performance overheads compared to existing work. My ongoing work in this research includes extending the above primitives to system-level protection in addition to addressing their current limitations.

Publication
Ph.D Candidacy Exam