Safe manual memory management in Cyclone

Swamy, Nikhil; Hicks, Michael; Morrisett, Greg; Grossman, Dan; Jim, Trevor

doi:10.1016/j.scico.2006.02.003

Cited by 38 publications

(35 citation statements)

References 41 publications

(51 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Related systems include Cyclone [17] and CCured [22], but both of these require representation-modifying compilation (e.g., to introduce so-called "fat" pointers). All three systems have been used to write kernel components [38,10,33], but to date none has proven practical for a complete kernel. We observe that some of Deputy's annotations would be useful in our SBCFI implementation, though we do not require annotations on or within functions, and would not require special compilation.…”

Section: Related Workmentioning

confidence: 99%

Automated detection of persistent kernel control-flow attacks

Petroni

Hicks

2007

Proceedings of the 14th ACM Conference on Computer and Communications Security

Self Cite

218

138

View full text Add to dashboard Cite

This paper presents a new approach to dynamically monitoring operating system kernel integrity, based on a property called state-based control-flow integrity (SBCFI). Violations of SBCFI signal a persistent, unexpected modification of the kernel's control-flow graph. We performed a thorough analysis of 25 Linux rootkits and found that 24 (96%) employ persistent control-flow modifications; an informal study of Windows rootkits yielded similar results. We have implemented SBCFI enforcement as part of the Xen and VMware virtual machine monitors. Our implementation detected all the control-flow modifying rootkits we could install, while imposing negligible overhead for both a typical web server workload and CPU-intensive workloads when operating at 1 second intervals on a multi-core machine.

show abstract

Section: Related Workmentioning

confidence: 99%

Automated detection of persistent kernel control-flow attacks

Petroni

Hicks

2007

Proceedings of the 14th ACM Conference on Computer and Communications Security

Self Cite

218

138

View full text Add to dashboard Cite

show abstract

“…Naturally, the concept of group, or region, has received sustained interest in the literature [11,12,16,32]. Regions are usually viewed either as a dynamic memory management mechanism or as a purely static concept.…”

Section: Discussionmentioning

confidence: 99%

Programming with permissions in Mezzo

PottierFrançois

ProtzenkoJonathan

2013

SIGPLAN Not.

View full text Add to dashboard Cite

We present Mezzo, a typed programming language of ML lineage. Mezzo is equipped with a novel static discipline of duplicable and affine permissions, which controls aliasing and ownership. This rules out certain mistakes, including representation exposure and data races, and enables new idioms, such as gradual initialization, memory re-use, and (type)state changes. Although the core static discipline disallows sharing a mutable data structure, Mezzo offers several ways of working around this restriction, including a novel dynamic ownership control mechanism which we dub "adoption and abandon".

show abstract

“…Certain more recent systems do include duplicable references with non-duplicable content, with the restriction that these references cannot be read: they support only the "swap" and "write" operations (Ahmed et al, 2005;Swamy et al, 2006;Tov & Pucella, 2011). Our approach offers a re-construction of these duplicable references with affine content.…”

Section: Commentsmentioning

confidence: 99%

Syntactic soundness proof of a type-and-capability system with hidden state

Pottier¹

2012

J. Funct. Prog.

View full text Add to dashboard Cite

This paper presents a formal definition and machine-checked soundness proof for a very expressive type-and-capability system, that is, a low-level type system that keeps precise track of ownership and side effects.The programming language has first-class functions and references. The type system's features include: universal, existential, and recursive types; subtyping; a distinction between affine and unrestricted data; support for strong updates; support for naming values and heap fragments, via singleton and group regions; a distinction between ordinary values (which exist at runtime) and capabilities (which don't); support for dynamic re-organizations of the ownership hierarchy, by dis-assembling and re-assembling capabilities; support for temporarily or permanently hiding a capability, via frame and anti-frame rules.One contribution of the paper is the definition of the type-and-capability system itself. We present the system as modularly as possible. In particular, at the core of the system, the treatment of affinity, in the style of dual intuitionistic linear logic, is formulated in terms of an arbitrary monotonic separation algebra, a novel axiomatization of resources, ownership, and the manner in which they evolve with time. Only the peripheral layers of the system are aware that we are dealing with a specific monotonic separation algebra, whose resources are references and regions. This semiabstract organization should facilitate further extensions of the system with new forms of resources.The other main contribution is a machine-checked proof of type soundness. The proof is carried out in Wright and Felleisen's syntactic style. This offers evidence that this relatively simple-minded proof technique can scale up to systems of this complexity, and constitutes a viable alternative to more sophisticated semantic proof techniques. We do not claim that the syntactic technique is superior: we simply illustrate how it is used and highlight its strengths and shortcomings.

show abstract

Safe manual memory management in Cyclone

Cited by 38 publications

References 41 publications

Automated detection of persistent kernel control-flow attacks

Automated detection of persistent kernel control-flow attacks

Programming with permissions in Mezzo

Syntactic soundness proof of a type-and-capability system with hidden state

Contact Info

Product

Resources

About