Security Properties for Stack Safety

by Sean Noble Anderson, et al.

What exactly does "stack safety" mean? The phrase is associated with a variety of compiler, run-time, and hardware mechanisms for protecting stack memory. But these mechanisms typically lack precise specifications, relying instead on informal descriptions and examples of bad behaviors that they prevent. We propose a formal characterization of stack safety, formulated with concepts from language-based security: a combination of an integrity property ("the private state in each caller's stack frame is held invariant by the callee"), a confidentiality property ("the callee's behavior is insensitive to the caller's private state"), and a well-bracketedness property ("each callee returns control to its immediate caller"). We use these properties to validate the stack-safety "micro-policies" proposed by Roessler and DeHon [2018]. Specifically, we check (with property-based random testing) that Roessler and DeHon's "eager" micro-policy, which catches violations as early as possible, enforces a simple "stepwise" variant of our properties and correctly detects several broken variants, and that (a repaired version of) their more performant "lazy" micro-policy corresponds to a slightly weaker and more extensional "observational" variant of our properties.
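An added illustration, not the paper's formal definitions or code: a toy trace checker in Python for the three properties named above (integrity, confidentiality, well-bracketedness) over constructed call/return/write events. The memory layout `MEM`, the frame map `PRIVATE`, the event format and the two sample callees are all assumptions of this example.

```python
# Added example, not the paper's code: a toy checker for the three stack-safety
# properties in the abstract. Memory is a dict addr -> value; PRIVATE maps each
# function to the slots of its own frame. Events are constructed for illustration:
#   ("call", caller, callee) / ("ret", callee, target) / ("write", fn, addr, value)
PRIVATE = {"main": [0x10], "f": [0x20], "g": []}
MEM = {0x10: 7, 0x20: 3}

def check_well_bracketed(events):
    """Each 'ret' must hand control back to the immediate caller on the stack."""
    stack = ["main"]
    for ev in events:
        if ev[0] == "call":
            _, caller, callee = ev
            if caller != stack[-1]:      # only the running function may call
                return False
            stack.append(callee)
        elif ev[0] == "ret":
            _, callee, target = ev
            if len(stack) < 2 or callee != stack[-1] or target != stack[-2]:
                return False
            stack.pop()
    return len(stack) == 1

def check_integrity(events, mem, private=PRIVATE):
    """The caller's private slots must be unchanged when the callee returns."""
    mem, snapshots = dict(mem), []
    for ev in events:
        if ev[0] == "call":              # snapshot the caller's private frame
            snapshots.append({a: mem[a] for a in private[ev[1]]})
        elif ev[0] == "write":
            mem[ev[2]] = ev[3]
        elif ev[0] == "ret":             # compare against the return target's frame
            if snapshots.pop() != {a: mem[a] for a in private[ev[2]]}:
                return False
    return True

def check_confidentiality(callee, mem, alt_private):
    """Two-run check: vary only the caller's private slots; the callee's observable
    result must not change (a noninterference-style formulation)."""
    mem_b = dict(mem)
    mem_b.update(alt_private)
    return callee(dict(mem)) == callee(mem_b)

def good_callee(mem):   # touches only its own frame slot
    return [mem[0x20] + 1]
def leaky_callee(mem):  # reads the caller's private slot 0x10
    return [mem[0x10]]

OK_TRACE = [("call", "main", "f"), ("write", "f", 0x20, 9), ("ret", "f", "main")]
BAD_INTEGRITY = [("call", "main", "f"), ("write", "f", 0x10, 0), ("ret", "f", "main")]
BAD_BRACKET = [("call", "main", "f"), ("call", "f", "g"), ("ret", "g", "main")]
```

The integrity and bracketing checks judge a trace at each return, closer to the abstract's "observational" variant than to the "eager" one, which would flag the offending write itself.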


