PhD Defence | How to Keep Your Memory Safe and Your Software Fast
Taddeus Kroes’s dissertation offers a toolbox of efficient memory safety solutions for common classes of bugs. The contributions focus on high performance and strong compatibility with existing software, in an effort to increase the availability of practical security measures. Kroes completed his research under the supervision of Herbert Bos and Cristiano Giuffrida (both from VU Amsterdam).
Decades of research have yielded a variety of automated program transformations that add security checks to otherwise insecure software. Current security solutions typically provide very strong security guarantees against a high cost in performance and compatibility with off-the-shelf software. Unfortunately, the cost has proven to be too high for software vendors, and as a result many widely used programs (such as Internet browsers) remain unprotected today.
To lower the threshold of adoption, this dissertation explores the other side of the trade-off between security, performance, and compatibility. Instead of setting the highest standard for security and adding slow security checks accordingly, it builds fast single-purpose security checks to prevent exploitation of common memory corruption bugs, without breaking compatibility with benign programming patterns. The work encompasses three novel security solutions for both spatial and temporal memory errors.In addition, the thesis presents a new tool to “lift” software to a representation at the level of program source code during execution. This allows retrofitting of security checks in software that has already been compiled to machine code, and for which source code is not readily available.