Introduction
Memory-safety for application level software is not only critical for thwarting application attacks, but the techniques developed for user-space applications often form the basis of memory safety techniques for specialized software (e.g., operating systems). Below are some research papers that provide the foundation of memory safety research.
Memory Safety Papers
-
AddressSanitizer: A Fast Address Sanity Checker
Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitry Vyukov.
Proceedings of the 2012 USENIX Annual Technical Conference, June, 2012 -
Light-weight Bounds Checking
Niranjan Hasabnis, Ashish Misra, and R. Sekar.
International Symposium on Code Generation and Optimization (CGO 2012), March, 2012 -
CETS: Compiler Enforced Temporal Safety for C
Santosh Nagarakatte, Jianzhou Zhao, Milo M K Martin and Steve Zdancewic.
International Conference on Memory Management (ISMM 2010), June, 2010 -
Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense
against Out-of-Bounds Errors
Periklis Akritidis, Manuel Costa, Miguel Castro, and Steven Hand.
Proceedings of the Eighteenth USENIX Security Symposium, Montreal, Canada, August 2009. -
SoftBound: Highly Compatible and Complete Spatial Memory Safety for C
Santosh Nagarakatte, Jianzhou Zhao, Milo M. K. Martin, Steve Zdancewic.
ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 2009 -
Implementation of the Memory-Safe Full ANSI-C Compiler
Yutaka Oiwa
ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 2009 -
Securing Software by Enforcing Data-Flow Integrity
Miguel Castro, Manuel Costa, and Tim Harris
Seventh USENIX Symposium on Operating Systems Design and Implementation, November 2006. -
Efficiently Detecting All Dangling Pointer Uses in Production Servers
Dinakar Dhurjati and Vikram Adve.
International Conference on Dependable Systems and Networks (DSN), June 2006 -
SAFECode: Enforcing Alias Analysis for Weakly Typed Languages
Dinakar Dhurjati, Sumant Kowshik, and Vikram Adve.
ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), June 2006 -
Backwards-Compatible Array Bounds Checking for C with Very Low Overhead
Dinakar Dhurjati and Vikram Adve.
International Conference on Software Engineering (ICSE), May 2006 -
Enforcing Alias Analysis for Weakly Typed Languages
Dinakar Dhurjati, Sumant Kowshik, and Vikram Adve.
Technical Report #UIUCDCS-R-2005-2657, Computer Science Dept., University of Illinois, Nov 2005 -
CCured: Type-safe Retrofitting of Legacy Software
George C. Necula, Jeremy Condit, Matthew Harren, Scott McPeak, and Westley Weimer.
ACM Transactions on Programming Languages and Systems (TOPLAS), May 2005. -
Memory Safety Without Garbage Collection for Embedded Applications
Dinakar Dhurjati, Sumant Kowshik, Vikram Adve and Chris Lattner.
ACM Transactions in Embedded Computing Systems (TECS) , February 2005. -
An Efficient and Backwards-Compatible Transformation to Ensure Memory
Safety of C Programs
Wei Xu, Daniel DuVarney, and R. Sekar
ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2004) Symposium , November 2004. -
A Practical Dynamic Buffer Overflow Detector
Olatunji Ruwase and Monica S. Lam.
Proceedings of the Network and Distributed System Security (NDSS) Symposium, February 2004. -
Bounds-Checking Entire Programs Without Recompiling
Nicholas Nethercote and Jeremy Fitzhardinge.
Informal Proceedings of the Second Workshop on Semantics, Program Analysis, and Computing Environments for Memory Management (SPACE 2004), Venice, Italy, January 2004. -
Memory Safety without Runtime Checks or Garbage Collection for Embedded
Systems
Dinakar Dhurjati, Sumant Kowshik, Vikram Adve and Chris Lattner.
Languages Compilers and Tools for Embedded Systems (LCTES 2003), June 2003. -
Run-Time Type Checking for Binary Programs
Michael Burrows, Stephen N. Freund, and Janet L. Wiener.
Proceedings of the Twelfth International Conference on Compiler Construction, Warsaw, Poland, April 2003. -
Ensuring Code Safety without Runtime Checks for Real Time Control
Systems
Sumant Kowshik, Dinakar Dhurjati, Vikram Adve.
International Conference on Compilers, Architecture and Synthesis for Embedded Systems (CASES), October 2002. -
Debugging via Run-Time Type Checking
Alexey Loginov, Suan Hsi Yong, Susan Horwitz, and Thomas W. Reps
Proceedings of the Fourth International Conference on Fundamental Approaches to Software Engineering (FASE 2001), Genova, Italy, April 2001. -
Backwards-Compatible Bounds Checking for Arrays and Pointers in C
Programs
Richard W. M. Jones and Paul H. J. Kelly.
Third International Workshop on Automated Debugging, May 1997. -
Efficient Detection of All Pointer and Array Access Errors
Todd M. Austin, Scott E. Breach, and Gurindar S. Sohi
SIGPLAN Notices, Volume 29, Issue 6, June 1994.