一些广为人之的#
- NX
- ASLR
- stack canary
- PIE(Position-Independent Executable)
- RELRO
Buffer overflow detection#
redzone#
- Purify: Fast detection of memory leaks and access errors.[1992]
- Lightweight bounds checking.[2012]
- ASan: Addresssanitizer: A fast address sanity checker.[2012]
- Valgrind: a framework for heavyweight dynamic binary instrumentation.[2007]
bounds checking#
- Backwardscompatible bounds checking for arrays and pointers in c programs.[1997]
- CRED: A practical dynamic buffer overflow detector.[2004]
- Backwardscompatible array bounds checking for c with very low overhead.[2006]
- Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors.[2009]
- Paricheck: an efficient pointer arithmetic checker for c programs.[2010]
- Heap bounds protection with low fat pointers.[2016]
- Low-fat pointers: compact encoding and efficient gate-level implementation of fat pointers for spatial safety and capabilitybased security.[2013]
- EffectiveSan: Type and memory error detection using dynamically typed c/c++.[2018]
- Softbound: Highly compatible and complete spatial memory safety for c.[2009]
- Sgxbounds: Memory safety for shielded execution.[2017]
- Fast and generic metadata management with mid-fat pointers.[2017]
- MPX: Intel mpx explained: A cross-layer analysis of the intel mpx system stack.[2018]
- Cup: Comprehensive user-space protection for c/c++.[2018]
- Framer: A tagged-pointer capability system with memory safety applications.[2019]
- Pico: A presburger in-bounds check optimization for compilerbased memory safety instrumentations.[2021]
page protection#
Pointer tagging#
- SafeC: Efficient detection of all pointer and array access errors.[1994]
- Cyclone: a safe dialect of c.[2002]
- Ccured: Type-safe retrofitting of legacy code.[2002]
- The cheri capability model: Revisiting risc in an age of risk.[2014]
- Cherivoke: Characterising pointer revocation using cheri capabilities for temporal memory safety.[2019]
- Baggy bounds checking: An efficient and backwards-compatible defense against out-of-bounds errors.[2009]
- Delta pointers: Buffer overflow checks without the checks.[2018]
- HeapCheck: Lowcost hardware support for memory safety.[2022]
- Pacmem: Enforcing spatial and temporal memory safety via arm pointer authentication.[2022]
- No-fat: Architectural support for low overhead memory safety checks.[2021]
Use-After-Free detection#
- Cets: Compiler enforced temporal safety for c.[2010]
- Vik: Practical mitigation of temporal memory safety violations through object id inspection.[2022]
- xtag: Mitigating use-after-free vulnerabilities via software-based pointer tagging on intel x86-64.[2022]
- MTE
- SSM(Silicon Secured Memory)
- Memory tagging and how it improves c/c++ memory safety.[2018]
- Undangle: Early detection of dangling pointers in use-after-free and double-free vulnerabilities.[2012]
- Freesentry: protecting against use-afterfree vulnerabilities due to dangling pointers.[2015]
- Preventing use-after-free with dangling pointers nullification.[2015]
- Dangsan: Scalable use-after-free detection.[2017]
- Bogo: Buy spatial memory safety, get temporal memory safety (almost) free.[2019]
- Efficiently detecting all dangling pointer uses in production servers.[2006]
- Oscar: A practical page-permissions-based scheme for thwarting dangling pointers.[2017]
- Dangzero: Efficient use-after-free detection via direct page table access.[2022]
Unintialized memory read#
- Purify
- Valgrind
- Unisan: Proactive kernel memory initialization to eliminate data leakages.[2016]
- Safelnit: Comprehensive and practical mitigation of uninitialized read vulnerabilities.[2017]