Candidate Talk: Critical Data Protection for Reliability and Security

Programs written in C and C++ are not memory safe, which renders them vulnerable to memory corruption. Memory corruption errors and attacks are a leading cause of program failures and security compromise today. Existing techniques for dealing with memory corruption take an “all-or-nothing” approach, in which the entire program has to be protected in order to provide guarantees about the application. This leads to high performance overheads and requires that the entire application code be available. In contrast to these approaches, I will introduce an approach called “Critical Data Protection”, which focuses on protecting a subset of application data that is important from a reliability or security point of view. This allows the application’s data to be protected incrementally, at a cost proportional to the desired amount of protection.
I will present two techniques: Information-flow Signatures (IFS), to protect critical data from memory corruption attacks, and Critical Memory (CM), to protect critical data from memory corruption errors. IFS extracts the backward dependencies of critical variables using static analysis, and encodes the dependencies in the form of a signature. The signature is compared at runtime with the observed dependencies, and a violation signals an attack. The IFS technique has been implemented using a combination of reconfigurable hardware and software. Critical Memory (CM) presents a new memory model that allows programmers to reason locally about updates to critical data in applications, while maintaining compatibility with third-party code and libraries. The software prototype of CM, Samurai, uses replication and forward error correction to ensure that the guarantees provided by CM are preserved at runtime. We have demonstrated both techniques on a variety of applications and libraries.
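
The Critical Memory idea described above, sketched as an added example (not code from the talk or from Samurai): critical data is written only through a critical store, and a critical load checks the replicas and repairs a copy that an ordinary store has corrupted. The names `critical_i32`, `critical_store`, `critical_load` and the `cm_status` values are hypothetical, and the use of three copies with majority voting is an assumption standing in for the replication and error correction the abstract mentions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical critical cell. A real runtime would keep the replicas far
   apart in memory so one overflow cannot reach them all; they are adjacent
   here only to keep the example short. */
typedef struct {
    int32_t value;      /* copy that ordinary (non-critical) stores can reach */
    int32_t shadow[2];  /* replicas written only by critical_store */
} critical_i32;

typedef enum { CM_OK, CM_REPAIRED, CM_UNRECOVERABLE } cm_status;

/* Critical store: update every replica together. */
void critical_store(critical_i32 *c, int32_t v) {
    c->value = v;
    c->shadow[0] = v;
    c->shadow[1] = v;
}

/* Critical load: compare the copies, take the majority, repair the odd one. */
cm_status critical_load(critical_i32 *c, int32_t *out) {
    int32_t a = c->value, b = c->shadow[0], d = c->shadow[1];
    int32_t winner;
    if (a == b && b == d) { *out = a; return CM_OK; }
    if (a == b || a == d) winner = a;
    else if (b == d)      winner = b;
    else return CM_UNRECOVERABLE;   /* no two copies agree: report, do not guess */
    critical_store(c, winner);      /* rewrite all copies with the majority value */
    *out = winner;
    return CM_REPAIRED;
}

/* Constructed scenario: a stray non-critical store (for example through a
   wild pointer in third-party code) overwrites only the visible copy. */
cm_status demo_single_corruption(int32_t *recovered) {
    critical_i32 balance;
    critical_store(&balance, 1000);
    int32_t *wild = &balance.value;  /* stands in for the erroneous pointer */
    *wild = -1;
    return critical_load(&balance, recovered);
}

int main(void) {
    int32_t v = 0;
    cm_status s = demo_single_corruption(&v);
    printf("status=%d value=%d\n", (int)s, (int)v);
    return 0;
}
```
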

Speaker Details

Karthik Pattabiraman is a PhD candidate in Computer Science at the University of Illinois at Urbana-Champaign (UIUC) working with Prof. Ravishankar Iyer. His research focuses on the design of reliable and secure applications using compilers and reconfigurable hardware systems. Karthik has an MS in Computer Science from UIUC and a B.Tech in Information Technology from Madras University, India. He has interned at Microsoft Research, IBM Research and Los Alamos National Labs, and has been a consulting researcher at Microsoft Research. More broadly, Karthik is interested in dependable runtime systems, memory management techniques, and modeling of dependable and secure systems. He has been actively involved in the dependability community and is co-organizing the CATARS workshop at the International Conference on Dependable Systems and Networks (DSN) 2008.

Speakers:
Karthik Pattabiraman
Affiliation:
University of Illinois