Introduction

Memory-safety for application level software is not only critical for thwarting application attacks, but the techniques developed for user-space applications often form the basis of memory safety techniques for specialized software (e.g., operating systems). Below are some research papers that provide the foundation of memory safety research.

Memory Safety Papers

• AddressSanitizer: A Fast Address Sanity Checker
  Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitry Vyukov.
  Proceedings of the 2012 USENIX Annual Technical Conference, June, 2012


• Light-weight Bounds Checking
  Niranjan Hasabnis, Ashish Misra, and R. Sekar.
  International Symposium on Code Generation and Optimization (CGO 2012), March, 2012


• CETS: Compiler Enforced Temporal Safety for C
  Santosh Nagarakatte, Jianzhou Zhao, Milo M K Martin and Steve Zdancewic.
  International Conference on Memory Management (ISMM 2010), June, 2010


• Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors
  Periklis Akritidis, Manuel Costa, Miguel Castro, and Steven Hand.
  Proceedings of the Eighteenth USENIX Security Symposium, Montreal, Canada, August 2009.


• SoftBound: Highly Compatible and Complete Spatial Memory Safety for C
  Santosh Nagarakatte, Jianzhou Zhao, Milo M. K. Martin, Steve Zdancewic.
  ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 2009


• Implementation of the Memory-Safe Full ANSI-C Compiler
  Yutaka Oiwa
  ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 2009


• Securing Software by Enforcing Data-Flow Integrity
  Miguel Castro, Manuel Costa, and Tim Harris
  Seventh USENIX Symposium on Operating Systems Design and Implementation, November 2006.


• Efficiently Detecting All Dangling Pointer Uses in Production Servers
  Dinakar Dhurjati and Vikram Adve.
  International Conference on Dependable Systems and Networks (DSN), June 2006


• SAFECode: Enforcing Alias Analysis for Weakly Typed Languages
  Dinakar Dhurjati, Sumant Kowshik, and Vikram Adve.
  ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), June 2006


• Backwards-Compatible Array Bounds Checking for C with Very Low Overhead
  Dinakar Dhurjati and Vikram Adve.
  International Conference on Software Engineering (ICSE), May 2006


• Enforcing Alias Analysis for Weakly Typed Languages
  Dinakar Dhurjati, Sumant Kowshik, and Vikram Adve.
  Technical Report #UIUCDCS-R-2005-2657, Computer Science Dept., University of Illinois, Nov 2005


• CCured: Type-safe Retrofitting of Legacy Software
  George C. Necula, Jeremy Condit, Matthew Harren, Scott McPeak, and Westley Weimer.
  ACM Transactions on Programming Languages and Systems (TOPLAS), May 2005.


• Memory Safety Without Garbage Collection for Embedded Applications
  Dinakar Dhurjati, Sumant Kowshik, Vikram Adve and Chris Lattner.
  ACM Transactions in Embedded Computing Systems (TECS) , February 2005.


• An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs
  Wei Xu, Daniel DuVarney, and R. Sekar
  ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2004) Symposium , November 2004.


• A Practical Dynamic Buffer Overflow Detector
  Olatunji Ruwase and Monica S. Lam.
  Proceedings of the Network and Distributed System Security (NDSS) Symposium, February 2004.


• Bounds-Checking Entire Programs Without Recompiling
  Nicholas Nethercote and Jeremy Fitzhardinge.
  Informal Proceedings of the Second Workshop on Semantics, Program Analysis, and Computing Environments for Memory Management (SPACE 2004), Venice, Italy, January 2004.


• Memory Safety without Runtime Checks or Garbage Collection for Embedded Systems
  Dinakar Dhurjati, Sumant Kowshik, Vikram Adve and Chris Lattner.
  Languages Compilers and Tools for Embedded Systems (LCTES 2003), June 2003.


• Run-Time Type Checking for Binary Programs
  Michael Burrows, Stephen N. Freund, and Janet L. Wiener.
  Proceedings of the Twelfth International Conference on Compiler Construction, Warsaw, Poland, April 2003.


• Ensuring Code Safety without Runtime Checks for Real Time Control Systems
  Sumant Kowshik, Dinakar Dhurjati, Vikram Adve.
  International Conference on Compilers, Architecture and Synthesis for Embedded Systems (CASES), October 2002.


• Debugging via Run-Time Type Checking
  Alexey Loginov, Suan Hsi Yong, Susan Horwitz, and Thomas W. Reps
  Proceedings of the Fourth International Conference on Fundamental Approaches to Software Engineering (FASE 2001), Genova, Italy, April 2001.


• Backwards-Compatible Bounds Checking for Arrays and Pointers in C Programs
  Richard W. M. Jones and Paul H. J. Kelly.
  Third International Workshop on Automated Debugging, May 1997.


• Efficient Detection of All Pointer and Array Access Errors
  Todd M. Austin, Scott E. Breach, and Gurindar S. Sohi
  SIGPLAN Notices, Volume 29, Issue 6, June 1994.

General

Menageries

University of Illinois