thesis/context: work on introduction
* Explain some of Memory-Management * Explain CWE with relevant examples * Add CWE-119 Statistics
This commit is contained in:
parent
c32d440432
commit
f50dd56fff
13 changed files with 638 additions and 395 deletions
|
|
@ -3,190 +3,14 @@ Any changes to this file will be lost if it is regenerated by Mendeley.
|
|||
|
||||
BibTeX export options can be customized via Options -> BibTeX in Mendeley Desktop
|
||||
|
||||
@article{Reed2015,
|
||||
abstract = {Rust is a new systems language that uses some advanced type system features, specifically affine types and regions, to statically guarantee memory safety and eliminate the need for a garbage collector. While each individual addition to the type system is well understood in isolation and are known to be sound, the combined system is not known to be sound. Furthermore, Rust uses a novel checking scheme for its regions, known as the Borrow Checker, that is not known to be correct. Since Rust's goal is to be a safer alternative to C/C++, we should ensure that this safety scheme actually works. We present a formal semantics that captures the key features relevant to memory safety, unique pointers and borrowed references, specifies how they guarantee memory safety, and describes the operation of the Borrow Checker. We use this model to prove the soudness of some core operations and justify the conjecture that the model, as a whole, is sound. Additionally, our model provides a syntactic version of the Borrow Checker, which may be more understandable than the non-syntactic version in Rust.},
|
||||
author = {Reed, Eric},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/Patina$\backslash$: A Formalization of the Rust Programming Language.pdf:pdf},
|
||||
number = {February},
|
||||
pages = {1--37},
|
||||
title = {{Patina: A Formalization of the Rust Programming Language}},
|
||||
year = {2015}
|
||||
}
|
||||
@article{Dhurjati2003,
|
||||
abstract = {Traditional approaches to enforcing memory safety of programs rely heavily on runtime checks of memory accesses and on garbage collection, both of which are unattractive for embedded applications. The long-term goal of our work is to enable 100{\%} static enforcement of memory safety for embedded programs through advanced compiler techniques and minimal semantic restrictions on programs. The key result of this paper is a compiler technique that ensures memory safety of dynamically allocated memory without programmer annotations, runtime checks, or garbage collection, and works for a large subclass of type-safe C programs. The technique is based on a fully automatic pool allocation (i.e., region-inference) algorithm for C programs we developed previously, and it ensures safety of dynamically allocated memory while retaining explicit deallocation of individual objects within regions (to avoid garbage collection). For a diverse set of embedded C programs (and using a previous technique to avoid null pointer checks), we show that we are able to statically ensure the safety of pointer and dynamic memory usage in all these programs. We also describe some improvements over our previous work in static checking of array accesses. Overall, we achieve 100{\%} static enforcement of memory safety without new language syntax for a significant subclass of embedded C programs, and the subclass is much broader if array bounds checks are ignored.},
|
||||
author = {Dhurjati, D and Kowshik, S and Adve, V and Lattner, C},
|
||||
doi = {10.1145/780742.780743},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/Memory Safety Without Runtime Checks or Garbage.pdf:pdf},
|
||||
isbn = {0362-1340},
|
||||
issn = {03621340},
|
||||
journal = {Acm Sigplan Notices},
|
||||
keywords = {automatic pool allocation,compilers,embedded systems,languages,programming languages,region management,security,static analysis},
|
||||
number = {7},
|
||||
pages = {69--80},
|
||||
title = {{Memory safety without runtime checks or garbage collection}},
|
||||
volume = {38},
|
||||
year = {2003}
|
||||
}
|
||||
@inproceedings{Kuznetsov2014,
|
||||
abstract = {Systems code is often written in low-level languages like C/C++, which offer many benefits but also dele- gate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. Deployed de- fense mechanisms (e.g., ASLR, DEP) are incomplete, and stronger defense mechanisms (e.g., CFI) often have high overhead and limited guarantees [19, 15, 9]. We introduce code-pointer integrity (CPI), a new de- sign point that guarantees the integrity of all code point- ers in a program (e.g., function pointers, saved return ad- dresses) and thereby prevents all control-flow hijack at- tacks, including return-oriented programming. We also introduce code-pointer separation (CPS), a relaxation of CPI with better performance properties. CPI and CPS offer substantially better security-to-overhead ratios than the state of the art, they are practical (we protect a complete FreeBSD system and over 100 packages like apache and postgresql), effective (prevent all attacks in the RIPE benchmark), and efficient: on SPEC CPU2006, CPS averages 1.2{\%} overhead for C and 1.9{\%} for C/C++, while CPI's overhead is 2.9{\%} for C and 8.4{\%} for C/C++. A prototype implementation of CPI and CPS can be obtained from http://levee.epfl.ch. 1},
|
||||
author = {Kuznetsov, Volodymyr and Szekeres, L{\'{a}}szl{\'{o}} and Payer, Mathias},
|
||||
booktitle = {Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation},
|
||||
isbn = {9781931971164},
|
||||
pages = {147--163},
|
||||
title = {{Code-pointer integrity}},
|
||||
url = {https://www.usenix.org/conference/osdi14/technical-sessions/presentation/kuznetsov{\%}5Cnhttps://www.usenix.org/system/files/conference/osdi14/osdi14-paper-kuznetsov.pdf?utm{\_}source=dlvr.it{\&}utm{\_}medium=tumblr},
|
||||
year = {2014}
|
||||
}
|
||||
@article{Merity2016,
|
||||
abstract = {Recent neural network sequence models with softmax classifiers have achieved their best language modeling performance only with very large hidden states and large vocabularies. Even then they struggle to predict rare or unseen words even if the context makes the prediction unambiguous. We introduce the pointer sentinel mixture architecture for neural sequence models which has the ability to either reproduce a word from the recent context or produce a word from a standard softmax classifier. Our pointer sentinel-LSTM model achieves state of the art language modeling performance on the Penn Treebank (70.9 perplexity) while using far fewer parameters than a standard softmax LSTM. In order to evaluate how well language models can exploit longer contexts and deal with more realistic vocabularies and larger corpora we also introduce the freely available WikiText corpus.},
|
||||
archivePrefix = {arXiv},
|
||||
arxivId = {1609.07843},
|
||||
author = {Merity, Stephen and Xiong, Caiming and Bradbury, James and Socher, Richard},
|
||||
eprint = {1609.07843},
|
||||
journal = {Arxiv},
|
||||
title = {{Pointer Sentinel Mixture Models}},
|
||||
url = {http://arxiv.org/abs/1609.07843},
|
||||
year = {2016}
|
||||
}
|
||||
@article{Chisnall2015,
|
||||
abstract = {We propose a new memory-safe interpretation of the C ab-stract machine that provides stronger protection to benefit security and debugging. Despite ambiguities in the specifi-cation intended to provide implementation flexibility, con-temporary implementations of C have converged on a mem-ory model similar to the PDP-11, the original target for C. This model lacks support for memory safety despite well-documented impacts on security and reliability. Attempts to change this model are often hampered by as-sumptions embedded in a large body of existing C code, dat-ing back to the memory model exposed by the original C compiler for the PDP-11. Our experience with attempting to implement a memory-safe variant of C on the CHERI ex-perimental microprocessor led us to identify a number of problematic idioms. We describe these as well as their in-teraction with existing memory safety schemes and the as-sumptions that they make beyond the requirements of the C specification. Finally, we refine the CHERI ISA and abstract model for C, by combining elements of the CHERI capabil-ity model and fat pointers, and present a softcore CPU that implements a C abstract machine that can run legacy C code with strong memory protection guarantees.},
|
||||
author = {Chisnall, David and Rothwell, Colin and Watson, Robert N M and Woodruff, Jonathan and Vadera, Munraj and Moore, Simon W and Roe, Michael and Davis, Brooks and Neumann, Peter G},
|
||||
doi = {10.1145/2694344.2694367},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/Beyond the PDP-11$\backslash$: Architectural support for a memory-safe C abstract machine.pdf:pdf},
|
||||
isbn = {9781450328357},
|
||||
issn = {01635964},
|
||||
journal = {Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems},
|
||||
pages = {117--130},
|
||||
title = {{Beyond the PDP-11 : Architectural support for a memory-safe C abstract machine}},
|
||||
url = {http://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/201503-asplos2015-cheri-cmachine.pdf},
|
||||
year = {2015}
|
||||
}
|
||||
@article{Arpaci-Dusseau2015,
|
||||
abstract = {A book covering the fundamentals of operating systems, including virtualization of the CPU and memory, threads and concurrency, and file and storage systems. Written by professors active in the field for 20 years, this text has been developed in the classrooms of the University of Wisconsin-Madison, and has been used in the instruction of thousands of students.},
|
||||
author = {{Arpaci-Dusseau Remzi}, Arpaci-Dusseau Andrea},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/operating{\_}systems{\_}{\_}three{\_}easy{\_}pieces{\_}{\_}electronic{\_}version{\_}0{\_}91{\_}.pdf:pdf},
|
||||
journal = {Arpaci-Dusseau},
|
||||
number = {0.91},
|
||||
pages = {665},
|
||||
title = {{Operating Systems: Three Easy Pieces}},
|
||||
volume = {Electronic},
|
||||
year = {2015}
|
||||
}
|
||||
@article{Szekeres2013,
|
||||
abstract = {Memory corruption bugs in software written in low-level languages like C or C++ are one of the oldest problems in computer security. The lack of safety in these languages allows attackers to alter the program's behavior or take full control over it by hijacking its control flow. This problem has existed for more than 30 years and a vast number of potential solutions have been proposed, yet memory corruption attacks continue to pose a serious threat. Real world exploits show that all currently deployed protections can be defeated. This paper sheds light on the primary reasons for this by describing attacks that succeed on today's systems. We systematize the current knowledge about various protection techniques by setting up a general model for memory corrup- tion attacks. Using this model we show what policies can stop which attacks. The model identifies weaknesses of currently deployed techniques, as well as other proposed protections enforcing stricter policies. We analyze the reasons why protection mechanisms imple- menting stricter polices are not deployed. To achieve wide adoption, protection mechanisms must support a multitude of features and must satisfy a host of requirements. Especially important is performance, as experience shows that only solutions whose overhead is in reasonable bounds get deployed. A comparison of different enforceable policies helps de- signers of new protection mechanisms in finding the balance between effectiveness (security) and efficiency.We identify some open research problems, and provide suggestions on improving the adoption of newer techniques.},
|
||||
author = {Szekeres, L??szl?? and Payer, Mathias and Wei, Tao and Song, Dawn},
|
||||
doi = {10.1109/SP.2013.13},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/SoK$\backslash$: Eternal War in Memory.pdf:pdf},
|
||||
isbn = {9780769549774},
|
||||
issn = {10816011},
|
||||
journal = {Proceedings - IEEE Symposium on Security and Privacy},
|
||||
pages = {48--62},
|
||||
title = {{SoK: Eternal war in memory}},
|
||||
year = {2013}
|
||||
}
|
||||
@article{Corporation2011,
|
||||
abstract = {The Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volume 1, describes the basic architecture and programming environment of Intel 64 and IA-32 processors. The Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volumes 2A {\&} 2B, describe the instruction set of the processor and the opcode struc- ture. These volumes apply to application programmers and to programmers who write operating systems or executives. The Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volumes 3A {\&} 3B, describe the operating-system support environment of Intel 64 and IA-32 processors. These volumes target operating- system and BIOS designers. In addition, the Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volume 3B, addresses the programming environment for classes of software that host operating systems.},
|
||||
author = {Corporation, Intel},
|
||||
doi = {10.1109/MAHC.2010.22},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/64-ia-32-architectures-software-developer-system-programming-manual-325384.pdf:pdf},
|
||||
isbn = {253665-057US},
|
||||
issn = {15222594},
|
||||
journal = {System},
|
||||
keywords = {253665,IA-32 architecture,Intel 64},
|
||||
number = {253665},
|
||||
title = {{Intel {\textregistered} 64 and IA-32 Architectures Software Developer ' s Manual Volume 3}},
|
||||
volume = {3},
|
||||
year = {2011}
|
||||
}
|
||||
@article{Caballero2012,
|
||||
abstract = {Use-after-free vulnerabilities are rapidly growing in popularity, especially for exploiting web browsers. Use-after-free (and double-free) vulnerabilities are caused by a program operating on a dangling pointer. In this work we propose early detection, a novel runtime approach for finding and diagnosing use-after-free and double-free vulnerabilities. While previous work focuses on the creation of the vulnerability (i.e., the use of a dangling pointer), early detection shifts the focus to the creation of the dangling pointer(s) at the root of the vulnerability. Early detection increases the effectiveness of testing by identifying unsafe dangling pointers in executions where they are created but not used. It also accelerates vulnerability analysis and minimizes the risk of incomplete fixes, by automatically collecting information about all dangling pointers involved in the vulnerability. We implement our early detection technique in a tool called Undangle. We evaluate Undangle for vulnerability analysis on 8 real-world vulnerabilities. The analysis uncovers that two separate vulnerabilities in Firefox had a common root cause and that their patches did not completely fix the underlying bug. We also evaluate Undangle for testing on the Firefox web browser identifying a potential vulnerability.},
|
||||
author = {Caballero, Juan and Grieco, Gustavo and Marron, Mark and Nappa, Antonio},
|
||||
doi = {10.1145/2338965.2336769},
|
||||
isbn = {9781450314541},
|
||||
issn = {1450314546},
|
||||
journal = {ISSTA},
|
||||
keywords = {automated testing,binary analysis,debugging,dynamic analysis},
|
||||
pages = {133},
|
||||
title = {{Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities}},
|
||||
url = {http://dl.acm.org/citation.cfm?doid=2338965.2336769},
|
||||
year = {2012}
|
||||
}
|
||||
@book{AMD64Vol2,
|
||||
author = {AMD},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/AMD64 Architecture Programmer's Manual Volume 2$\backslash$: System Programming.pdf:pdf},
|
||||
keywords = {24593,AMD64 Architecture Programmer's Manual Volume 2: S},
|
||||
number = {24592},
|
||||
title = {{AMD64 Architecture Programmer's Manual Volume 2: System Programming}},
|
||||
volume = {1},
|
||||
year = {2012}
|
||||
}
|
||||
@article{Levy2015a,
|
||||
abstract = {Rust, a new systems programming language, provides compile-time memory safety checks to help eliminate runtime bugs that manifest from improper memory management. This feature is advantageous for operating system development, and especially for embedded OS development, where recovery and debugging are particularly challenging. However, embedded platforms are highly event-based, and Rust's memory safety mechanisms largely presume threads. In our experience developing an operating system for embedded systems in Rust, we have found that Rust's ownership model prevents otherwise safe resource sharing common in the embedded domain, conflicts with the reality of hardware resources, and hinders using closures for programming asynchronously. We describe these experiences and how they relate to memory safety as well as illustrate our workarounds that preserve the safety guarantees to the largest extent possible. In addition, we draw from our experience to propose a new language extension to Rust that would enable it to provide better memory safety tools for event-driven platforms.},
|
||||
author = {Levy, Amit and Andersen, Michael P. and Campbell, Bradford and Culler, David and Dutta, Prabal and Ghena, Branden and Levis, Philip and Pannuto, Pat},
|
||||
doi = {10.1145/2818302.2818306},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/tock-plos2015.pdf:pdf},
|
||||
isbn = {9781450339421},
|
||||
journal = {PLOS: Workshop on Programming Languages and Operating Systems},
|
||||
keywords = {embedded operating systems,linear types,ownership,rust},
|
||||
pages = {21--26},
|
||||
title = {{Ownership is Theft: Experiences Building an Embedded OS in Rust}},
|
||||
url = {http://dl.acm.org/citation.cfm?id=2818302.2818306},
|
||||
year = {2015}
|
||||
}
|
||||
@inproceedings{Ma2013,
|
||||
abstract = {—Aiming at the problem of higher memory consumption and lower execution efficiency during the dynamic detecting to C/C++ programs memory vulnerabilities, this paper presents a dynamic detection method called ISC. The ISC improves the Safe-C using pointer analysis technology. Firstly, the ISC defines a simple and efficient fat pointer representation instead of the safe pointer in the Safe-C. Furthermore, the ISC uses the unification-based analysis algorithm with one level flow static pointer. This identification reduces the number of pointers that need to be converted to fat pointers. Then in the process of program running, the ISC detects memory vulnerabilities through constantly inspecting the attributes of fat pointers. Experimental results indicate that the ISC could detect memory vulnerabilities such as buffer overflows and dangling pointers. Comparing with the Safe-C, the ISC dramatically reduces the memory consumption and lightly improves the execution efficiency.},
|
||||
author = {Ma, Rui and Chen, Lingkui and Hu, Changzhen and Xue, Jingfeng and Zhao, Xiaolin},
|
||||
booktitle = {Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013},
|
||||
doi = {10.1109/DASC.2013.37},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/A Dynamic Detection Method to C-C++ Programs Memory Vulnerabilities Based on Pointer Analysis.pdf:pdf},
|
||||
isbn = {9781479933815},
|
||||
keywords = {dynamic detecting,fat pointer,improved Safe-C,memory vulnerability,pointer analysis},
|
||||
pages = {52--57},
|
||||
title = {{A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis}},
|
||||
year = {2013}
|
||||
}
|
||||
@book{AMD64Vol1,
|
||||
author = {AMD},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/AMD64 Architecture Programmer's Manual Volume 1$\backslash$: Application Programming.pdf:pdf},
|
||||
keywords = {AMD64,SIMD,extended media instructions,legacy m},
|
||||
number = {26568},
|
||||
title = {{AMD64 Architecture Programmer's Manual Volume 1: Application Programming}},
|
||||
volume = {4},
|
||||
year = {2012}
|
||||
}
|
||||
@article{Getreu2016,
|
||||
author = {Getreu, Jens},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/Embedded System Security with Rust - Case Study of Heartbleed.pdf:pdf},
|
||||
pages = {1--24},
|
||||
title = {{Embedded System Security with Rust}},
|
||||
year = {2016}
|
||||
}
|
||||
@article{Corporation2011a,
|
||||
abstract = {The Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volume 1, describes the basic architecture and programming environment of Intel 64 and IA-32 processors. The Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volumes 2A {\&} 2B, describe the instruction set of the processor and the opcode struc- ture. These volumes apply to application programmers and to programmers who write operating systems or executives. The Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volumes 3A {\&} 3B, describe the operating-system support environment of Intel 64 and IA-32 processors. These volumes target operating- system and BIOS designers. In addition, the Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volume 3B, addresses the programming environment for classes of software that host operating systems.},
|
||||
author = {Corporation, Intel},
|
||||
doi = {10.1109/MAHC.2010.22},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/64-ia-32-architectures-software-developer-vol-1-manual.pdf:pdf},
|
||||
isbn = {253665-057US},
|
||||
issn = {15222594},
|
||||
journal = {System},
|
||||
keywords = {253665,64,ia 32 architecture},
|
||||
number = {253665},
|
||||
title = {{Intel {\textregistered} 64 and IA-32 Architectures Software Developer ' s Manual Volume 1}},
|
||||
volume = {1},
|
||||
year = {2011}
|
||||
}
|
||||
@article{Nilsson2017,
|
||||
author = {Nilsson, Fredrik},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/A Rust-based Runtime for the Internet of Things.pdf:pdf},
|
||||
title = {{A Rust-based Runtime for the Internet of Things}},
|
||||
@misc{MITRE-CWE-119,
|
||||
author = {MITRE},
|
||||
booktitle = {2.11},
|
||||
title = {{CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer}},
|
||||
url = {http://cwe.mitre.org/data/definitions/119.html},
|
||||
urldate = {2017-08-31},
|
||||
year = {2017}
|
||||
}
|
||||
@article{Affairs2015,
|
||||
author = {Affairs, Post Doctoral},
|
||||
file = {:home/steveej/src/steveej/msc-thesis/docs/You can't spell trust without Rust.pdf:pdf},
|
||||
title = {{YOU CAN ' T SPELL TRUST WITHOUT RUST alexis beingessner Master ' s in Computer Science Carleton University}},
|
||||
year = {2015}
|
||||
}
|
||||
@article{Xu2015,
|
||||
abstract = {Since vulnerabilities in Linux kernel are on the increase, attackers have turned their interests into related exploitation techniques. However, compared with numerous researches on exploiting use-after-free vulnerabilities in the user applications, few efforts studied how to exploit use-after-free vulnerabilities in Linux kernel due to the difficulties that mainly come from the uncertainty of the kernel memory layout. Without specific information leakage, attackers could only conduct a blind memory overwriting strategy trying to corrupt the critical part of the kernel, for which the success rate is negligible. In this work, we present a novel memory collision strategy to exploit the use-after-free vulnerabilities in Linux kernel reliably. The insight of our exploit strategy is that a probabilistic memory collision can be constructed according to the widely deployed kernel memory reuse mechanisms, which significantly increases the success rate of the attack. Based on this insight, we present two practical memory collision attacks: An object-based attack that leverages the memory recycling mechanism of the kernel allocator to achieve freed vulnerable object covering, and a physmap-based attack that takes advantage of the overlap between the physmap and the SLAB caches to achieve a more flexible memory manipulation. Our proposed attacks are universal for various Linux kernels of different architectures and could successfully exploit systems with use-after-free vulnerabilities in kernel. Particularly, we achieve privilege escalation on various popular Android devices (kernel version{\textgreater}=4.3) including those with 64-bit processors by exploiting the CVE-2015-3636 use-after-free vulnerability in Linux kernel. To our knowledge, this is the first generic kernel exploit for the latest version of Android. Finally, to defend this kind of memory collision, we propose two corresponding mitigation schemes.},
|
||||
author = {Xu, Wen and Li, Juanru and Shu, Junliang and Yang, Wenbo and Xie, Tianyi and Zhang, Yuanyuan and Gu, Dawu},
|
||||
|
|
@ -201,17 +25,30 @@ title = {{From Collision To Exploitation: Unleashing Use-After-Free Vulnerabilit
|
|||
url = {http://dl.acm.org/citation.cfm?doid=2810103.2813637},
|
||||
year = {2015}
|
||||
}
|
||||
@misc{Endler,
|
||||
author = {Endler, Matthias},
|
||||
title = {{A curated list of static analysis tools, linters and code quality checkers for various programming languages}},
|
||||
url = {https://github.com/mre/awesome-static-analysis}
|
||||
@article{Szekeres2013,
|
||||
abstract = {Memory corruption bugs in software written in low-level languages like C or C++ are one of the oldest problems in computer security. The lack of safety in these languages allows attackers to alter the program's behavior or take full control over it by hijacking its control flow. This problem has existed for more than 30 years and a vast number of potential solutions have been proposed, yet memory corruption attacks continue to pose a serious threat. Real world exploits show that all currently deployed protections can be defeated. This paper sheds light on the primary reasons for this by describing attacks that succeed on today's systems. We systematize the current knowledge about various protection techniques by setting up a general model for memory corrup- tion attacks. Using this model we show what policies can stop which attacks. The model identifies weaknesses of currently deployed techniques, as well as other proposed protections enforcing stricter policies. We analyze the reasons why protection mechanisms imple- menting stricter polices are not deployed. To achieve wide adoption, protection mechanisms must support a multitude of features and must satisfy a host of requirements. Especially important is performance, as experience shows that only solutions whose overhead is in reasonable bounds get deployed. A comparison of different enforceable policies helps de- signers of new protection mechanisms in finding the balance between effectiveness (security) and efficiency.We identify some open research problems, and provide suggestions on improving the adoption of newer techniques.},
|
||||
author = {Szekeres, L??szl?? and Payer, Mathias and Wei, Tao and Song, Dawn},
|
||||
doi = {10.1109/SP.2013.13},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/SoK$\backslash$: Eternal War in Memory.pdf:pdf},
|
||||
isbn = {9780769549774},
|
||||
issn = {10816011},
|
||||
journal = {Proceedings - IEEE Symposium on Security and Privacy},
|
||||
pages = {48--62},
|
||||
title = {{SoK: Eternal war in memory}},
|
||||
year = {2013}
|
||||
}
|
||||
@article{Balasubramanian2017,
|
||||
abstract = {Rust is a new system programming language that offers a practical and safe alternative to C. Rust is unique in that it enforces safety without runtime overhead, most importantly, without the overhead of garbage collection. While zero-cost safety is remarkable on its own, we argue that the super-powers of Rust go beyond safety. In particular, Rust's linear type system enables capabilities that cannot be implemented efficiently in traditional languages, both safe and unsafe, and that dramatically improve security and reliability of system software. We show three examples of such capabilities: zero-copy software fault isolation, efficient static information flow analysis, and automatic checkpointing. While these capabilities have been in the spotlight of systems research for a long time, their practical use is hindered by high cost and complexity. We argue that with the adoption of Rust these mechanisms will become commoditized.},
|
||||
author = {Balasubramanian, Abhiram and Baranowski, Marek S and Burtsev, Anton and Irvine, Uc and Rakamari, Zvonimir and Ryzhyk, Leonid and Research, Vmware},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/DRAFT$\backslash$: System Programming in Rust$\backslash$: Beyond Safety.pdf:pdf},
|
||||
title = {{DRAFT: System Programming in Rust: Beyond Safety}},
|
||||
year = {2017}
|
||||
@article{Chisnall2015,
|
||||
abstract = {We propose a new memory-safe interpretation of the C ab-stract machine that provides stronger protection to benefit security and debugging. Despite ambiguities in the specifi-cation intended to provide implementation flexibility, con-temporary implementations of C have converged on a mem-ory model similar to the PDP-11, the original target for C. This model lacks support for memory safety despite well-documented impacts on security and reliability. Attempts to change this model are often hampered by as-sumptions embedded in a large body of existing C code, dat-ing back to the memory model exposed by the original C compiler for the PDP-11. Our experience with attempting to implement a memory-safe variant of C on the CHERI ex-perimental microprocessor led us to identify a number of problematic idioms. We describe these as well as their in-teraction with existing memory safety schemes and the as-sumptions that they make beyond the requirements of the C specification. Finally, we refine the CHERI ISA and abstract model for C, by combining elements of the CHERI capabil-ity model and fat pointers, and present a softcore CPU that implements a C abstract machine that can run legacy C code with strong memory protection guarantees.},
|
||||
author = {Chisnall, David and Rothwell, Colin and Watson, Robert N M and Woodruff, Jonathan and Vadera, Munraj and Moore, Simon W and Roe, Michael and Davis, Brooks and Neumann, Peter G},
|
||||
doi = {10.1145/2694344.2694367},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/Beyond the PDP-11$\backslash$: Architectural support for a memory-safe C abstract machine.pdf:pdf},
|
||||
isbn = {9781450328357},
|
||||
issn = {01635964},
|
||||
journal = {Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems},
|
||||
pages = {117--130},
|
||||
title = {{Beyond the PDP-11 : Architectural support for a memory-safe C abstract machine}},
|
||||
url = {http://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/201503-asplos2015-cheri-cmachine.pdf},
|
||||
year = {2015}
|
||||
}
|
||||
@article{Lattner2005,
|
||||
abstract = {The LLVM Compiler Infrastructure (http://llvm.cs. uiuc.edu) is a$\backslash$nrobust system that is well suited for a wide variety of research$\backslash$nand development work. This brief paper introduces the LLVM system$\backslash$nand provides pointers to more extensive documentation, complementing$\backslash$nthe tutorial presented at LCPC.},
|
||||
|
|
@ -231,3 +68,188 @@ title = {{The LLVM Compiler Framework and Infrastructure Tutorial}},
|
|||
url = {http://dx.doi.org/10.1007/11532378{\_}2},
|
||||
year = {2005}
|
||||
}
|
||||
@article{Caballero2012,
|
||||
abstract = {Use-after-free vulnerabilities are rapidly growing in popularity, especially for exploiting web browsers. Use-after-free (and double-free) vulnerabilities are caused by a program operating on a dangling pointer. In this work we propose early detection, a novel runtime approach for finding and diagnosing use-after-free and double-free vulnerabilities. While previous work focuses on the creation of the vulnerability (i.e., the use of a dangling pointer), early detection shifts the focus to the creation of the dangling pointer(s) at the root of the vulnerability. Early detection increases the effectiveness of testing by identifying unsafe dangling pointers in executions where they are created but not used. It also accelerates vulnerability analysis and minimizes the risk of incomplete fixes, by automatically collecting information about all dangling pointers involved in the vulnerability. We implement our early detection technique in a tool called Undangle. We evaluate Undangle for vulnerability analysis on 8 real-world vulnerabilities. The analysis uncovers that two separate vulnerabilities in Firefox had a common root cause and that their patches did not completely fix the underlying bug. We also evaluate Undangle for testing on the Firefox web browser identifying a potential vulnerability.},
|
||||
author = {Caballero, Juan and Grieco, Gustavo and Marron, Mark and Nappa, Antonio},
|
||||
doi = {10.1145/2338965.2336769},
|
||||
isbn = {9781450314541},
|
||||
issn = {1450314546},
|
||||
journal = {ISSTA},
|
||||
keywords = {automated testing,binary analysis,debugging,dynamic analysis},
|
||||
pages = {133},
|
||||
title = {{Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities}},
|
||||
url = {http://dl.acm.org/citation.cfm?doid=2338965.2336769},
|
||||
year = {2012}
|
||||
}
|
||||
@article{Dhurjati2003,
|
||||
abstract = {Traditional approaches to enforcing memory safety of programs rely heavily on runtime checks of memory accesses and on garbage collection, both of which are unattractive for embedded applications. The long-term goal of our work is to enable 100{\%} static enforcement of memory safety for embedded programs through advanced compiler techniques and minimal semantic restrictions on programs. The key result of this paper is a compiler technique that ensures memory safety of dynamically allocated memory without programmer annotations, runtime checks, or garbage collection, and works for a large subclass of type-safe C programs. The technique is based on a fully automatic pool allocation (i.e., region-inference) algorithm for C programs we developed previously, and it ensures safety of dynamically allocated memory while retaining explicit deallocation of individual objects within regions (to avoid garbage collection). For a diverse set of embedded C programs (and using a previous technique to avoid null pointer checks), we show that we are able to statically ensure the safety of pointer and dynamic memory usage in all these programs. We also describe some improvements over our previous work in static checking of array accesses. Overall, we achieve 100{\%} static enforcement of memory safety without new language syntax for a significant subclass of embedded C programs, and the subclass is much broader if array bounds checks are ignored.},
|
||||
author = {Dhurjati, D and Kowshik, S and Adve, V and Lattner, C},
|
||||
doi = {10.1145/780742.780743},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/Memory Safety Without Runtime Checks or Garbage.pdf:pdf},
|
||||
isbn = {0362-1340},
|
||||
issn = {03621340},
|
||||
journal = {Acm Sigplan Notices},
|
||||
keywords = {automatic pool allocation,compilers,embedded systems,languages,programming languages,region management,security,static analysis},
|
||||
number = {7},
|
||||
pages = {69--80},
|
||||
title = {{Memory safety without runtime checks or garbage collection}},
|
||||
volume = {38},
|
||||
year = {2003}
|
||||
}
|
||||
@book{AMD64Vol1,
|
||||
author = {AMD},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/AMD64 Architecture Programmer's Manual Volume 1$\backslash$: Application Programming.pdf:pdf},
|
||||
keywords = {AMD64,SIMD,extended media instructions,legacy m},
|
||||
number = {26568},
|
||||
title = {{AMD64 Architecture Programmer's Manual Volume 1: Application Programming}},
|
||||
volume = {4},
|
||||
year = {2012}
|
||||
}
|
||||
@article{Corporation2011a,
|
||||
abstract = {The Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volume 1, describes the basic architecture and programming environment of Intel 64 and IA-32 processors. The Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volumes 2A {\&} 2B, describe the instruction set of the processor and the opcode struc- ture. These volumes apply to application programmers and to programmers who write operating systems or executives. The Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volumes 3A {\&} 3B, describe the operating-system support environment of Intel 64 and IA-32 processors. These volumes target operating- system and BIOS designers. In addition, the Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volume 3B, addresses the programming environment for classes of software that host operating systems.},
|
||||
author = {Corporation, Intel},
|
||||
doi = {10.1109/MAHC.2010.22},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/64-ia-32-architectures-software-developer-vol-1-manual.pdf:pdf},
|
||||
isbn = {253665-057US},
|
||||
issn = {15222594},
|
||||
journal = {System},
|
||||
keywords = {253665,64,ia 32 architecture},
|
||||
number = {253665},
|
||||
title = {{Intel {\textregistered} 64 and IA-32 Architectures Software Developer ' s Manual Volume 1}},
|
||||
volume = {1},
|
||||
year = {2011}
|
||||
}
|
||||
@inproceedings{Kuznetsov2014,
|
||||
abstract = {Systems code is often written in low-level languages like C/C++, which offer many benefits but also dele- gate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. Deployed de- fense mechanisms (e.g., ASLR, DEP) are incomplete, and stronger defense mechanisms (e.g., CFI) often have high overhead and limited guarantees [19, 15, 9]. We introduce code-pointer integrity (CPI), a new de- sign point that guarantees the integrity of all code point- ers in a program (e.g., function pointers, saved return ad- dresses) and thereby prevents all control-flow hijack at- tacks, including return-oriented programming. We also introduce code-pointer separation (CPS), a relaxation of CPI with better performance properties. CPI and CPS offer substantially better security-to-overhead ratios than the state of the art, they are practical (we protect a complete FreeBSD system and over 100 packages like apache and postgresql), effective (prevent all attacks in the RIPE benchmark), and efficient: on SPEC CPU2006, CPS averages 1.2{\%} overhead for C and 1.9{\%} for C/C++, while CPI's overhead is 2.9{\%} for C and 8.4{\%} for C/C++. A prototype implementation of CPI and CPS can be obtained from http://levee.epfl.ch. 1},
|
||||
author = {Kuznetsov, Volodymyr and Szekeres, L{\'{a}}szl{\'{o}} and Payer, Mathias},
|
||||
booktitle = {Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation},
|
||||
isbn = {9781931971164},
|
||||
pages = {147--163},
|
||||
title = {{Code-pointer integrity}},
|
||||
url = {https://www.usenix.org/conference/osdi14/technical-sessions/presentation/kuznetsov{\%}5Cnhttps://www.usenix.org/system/files/conference/osdi14/osdi14-paper-kuznetsov.pdf?utm{\_}source=dlvr.it{\&}utm{\_}medium=tumblr},
|
||||
year = {2014}
|
||||
}
|
||||
@article{Getreu2016,
|
||||
author = {Getreu, Jens},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/Embedded System Security with Rust - Case Study of Heartbleed.pdf:pdf},
|
||||
pages = {1--24},
|
||||
title = {{Embedded System Security with Rust}},
|
||||
year = {2016}
|
||||
}
|
||||
@article{Affairs2015,
|
||||
author = {Affairs, Post Doctoral},
|
||||
file = {:home/steveej/src/steveej/msc-thesis/docs/You can't spell trust without Rust.pdf:pdf},
|
||||
title = {{YOU CAN ' T SPELL TRUST WITHOUT RUST alexis beingessner Master ' s in Computer Science Carleton University}},
|
||||
year = {2015}
|
||||
}
|
||||
@book{AMD64Vol2,
|
||||
author = {AMD},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/AMD64 Architecture Programmer's Manual Volume 2$\backslash$: System Programming.pdf:pdf},
|
||||
keywords = {24593,AMD64 Architecture Programmer's Manual Volume 2: S},
|
||||
number = {24592},
|
||||
title = {{AMD64 Architecture Programmer's Manual Volume 2: System Programming}},
|
||||
volume = {1},
|
||||
year = {2012}
|
||||
}
|
||||
@misc{MITRE-CWE-633,
|
||||
author = {MITRE},
|
||||
title = {{CWE-633: Weaknesses that Affect Memory}},
|
||||
url = {http://cwe.mitre.org/data/definitions/633.html},
|
||||
urldate = {2017-08-31},
|
||||
year = {2017}
|
||||
}
|
||||
@inproceedings{Ma2013,
|
||||
abstract = {—Aiming at the problem of higher memory consumption and lower execution efficiency during the dynamic detecting to C/C++ programs memory vulnerabilities, this paper presents a dynamic detection method called ISC. The ISC improves the Safe-C using pointer analysis technology. Firstly, the ISC defines a simple and efficient fat pointer representation instead of the safe pointer in the Safe-C. Furthermore, the ISC uses the unification-based analysis algorithm with one level flow static pointer. This identification reduces the number of pointers that need to be converted to fat pointers. Then in the process of program running, the ISC detects memory vulnerabilities through constantly inspecting the attributes of fat pointers. Experimental results indicate that the ISC could detect memory vulnerabilities such as buffer overflows and dangling pointers. Comparing with the Safe-C, the ISC dramatically reduces the memory consumption and lightly improves the execution efficiency.},
|
||||
author = {Ma, Rui and Chen, Lingkui and Hu, Changzhen and Xue, Jingfeng and Zhao, Xiaolin},
|
||||
booktitle = {Proceedings - 2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing, DASC 2013},
|
||||
doi = {10.1109/DASC.2013.37},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/A Dynamic Detection Method to C-C++ Programs Memory Vulnerabilities Based on Pointer Analysis.pdf:pdf},
|
||||
isbn = {9781479933815},
|
||||
keywords = {dynamic detecting,fat pointer,improved Safe-C,memory vulnerability,pointer analysis},
|
||||
pages = {52--57},
|
||||
title = {{A dynamic detection method to C/C++ programs memory vulnerabilities based on pointer analysis}},
|
||||
year = {2013}
|
||||
}
|
||||
@misc{MITRE-CWE,
|
||||
author = {MITRE},
|
||||
title = {{CWE - Common Weakness Enumeration}},
|
||||
url = {http://cwe.mitre.org},
|
||||
urldate = {2017-08-31},
|
||||
year = {2017}
|
||||
}
|
||||
@article{Levy2015a,
|
||||
abstract = {Rust, a new systems programming language, provides compile-time memory safety checks to help eliminate runtime bugs that manifest from improper memory management. This feature is advantageous for operating system development, and especially for embedded OS development, where recovery and debugging are particularly challenging. However, embedded platforms are highly event-based, and Rust's memory safety mechanisms largely presume threads. In our experience developing an operating system for embedded systems in Rust, we have found that Rust's ownership model prevents otherwise safe resource sharing common in the embedded domain, conflicts with the reality of hardware resources, and hinders using closures for programming asynchronously. We describe these experiences and how they relate to memory safety as well as illustrate our workarounds that preserve the safety guarantees to the largest extent possible. In addition, we draw from our experience to propose a new language extension to Rust that would enable it to provide better memory safety tools for event-driven platforms.},
|
||||
author = {Levy, Amit and Andersen, Michael P. and Campbell, Bradford and Culler, David and Dutta, Prabal and Ghena, Branden and Levis, Philip and Pannuto, Pat},
|
||||
doi = {10.1145/2818302.2818306},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/tock-plos2015.pdf:pdf},
|
||||
isbn = {9781450339421},
|
||||
journal = {PLOS: Workshop on Programming Languages and Operating Systems},
|
||||
keywords = {embedded operating systems,linear types,ownership,rust},
|
||||
pages = {21--26},
|
||||
title = {{Ownership is Theft: Experiences Building an Embedded OS in Rust}},
|
||||
url = {http://dl.acm.org/citation.cfm?id=2818302.2818306},
|
||||
year = {2015}
|
||||
}
|
||||
@article{Corporation2011,
|
||||
abstract = {The Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volume 1, describes the basic architecture and programming environment of Intel 64 and IA-32 processors. The Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volumes 2A {\&} 2B, describe the instruction set of the processor and the opcode struc- ture. These volumes apply to application programmers and to programmers who write operating systems or executives. The Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volumes 3A {\&} 3B, describe the operating-system support environment of Intel 64 and IA-32 processors. These volumes target operating- system and BIOS designers. In addition, the Intel{\{}$\backslash$textregistered{\}} 64 and IA-32 Architectures Software Developer's Manual, Volume 3B, addresses the programming environment for classes of software that host operating systems.},
|
||||
author = {Corporation, Intel},
|
||||
doi = {10.1109/MAHC.2010.22},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/64-ia-32-architectures-software-developer-system-programming-manual-325384.pdf:pdf},
|
||||
isbn = {253665-057US},
|
||||
issn = {15222594},
|
||||
journal = {System},
|
||||
keywords = {253665,IA-32 architecture,Intel 64},
|
||||
number = {253665},
|
||||
title = {{Intel {\textregistered} 64 and IA-32 Architectures Software Developer ' s Manual Volume 3}},
|
||||
volume = {3},
|
||||
year = {2011}
|
||||
}
|
||||
@article{Nilsson2017,
|
||||
author = {Nilsson, Fredrik},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/A Rust-based Runtime for the Internet of Things.pdf:pdf},
|
||||
title = {{A Rust-based Runtime for the Internet of Things}},
|
||||
year = {2017}
|
||||
}
|
||||
@article{Arpaci-Dusseau2015,
|
||||
abstract = {A book covering the fundamentals of operating systems, including virtualization of the CPU and memory, threads and concurrency, and file and storage systems. Written by professors active in the field for 20 years, this text has been developed in the classrooms of the University of Wisconsin-Madison, and has been used in the instruction of thousands of students.},
|
||||
author = {{Arpaci-Dusseau Remzi}, Arpaci-Dusseau Andrea},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/operating{\_}systems{\_}{\_}three{\_}easy{\_}pieces{\_}{\_}electronic{\_}version{\_}0{\_}91{\_}.pdf:pdf},
|
||||
journal = {Arpaci-Dusseau},
|
||||
number = {0.91},
|
||||
pages = {665},
|
||||
title = {{Operating Systems: Three Easy Pieces}},
|
||||
volume = {Electronic},
|
||||
year = {2015}
|
||||
}
|
||||
@article{Reed2015,
|
||||
abstract = {Rust is a new systems language that uses some advanced type system features, specifically affine types and regions, to statically guarantee memory safety and eliminate the need for a garbage collector. While each individual addition to the type system is well understood in isolation and are known to be sound, the combined system is not known to be sound. Furthermore, Rust uses a novel checking scheme for its regions, known as the Borrow Checker, that is not known to be correct. Since Rust's goal is to be a safer alternative to C/C++, we should ensure that this safety scheme actually works. We present a formal semantics that captures the key features relevant to memory safety, unique pointers and borrowed references, specifies how they guarantee memory safety, and describes the operation of the Borrow Checker. We use this model to prove the soudness of some core operations and justify the conjecture that the model, as a whole, is sound. Additionally, our model provides a syntactic version of the Borrow Checker, which may be more understandable than the non-syntactic version in Rust.},
|
||||
author = {Reed, Eric},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/Patina$\backslash$: A Formalization of the Rust Programming Language.pdf:pdf},
|
||||
number = {February},
|
||||
pages = {1--37},
|
||||
title = {{Patina: A Formalization of the Rust Programming Language}},
|
||||
year = {2015}
|
||||
}
|
||||
@misc{Endler,
|
||||
author = {Endler, Matthias},
|
||||
title = {{A curated list of static analysis tools, linters and code quality checkers for various programming languages}},
|
||||
url = {https://github.com/mre/awesome-static-analysis}
|
||||
}
|
||||
@article{Merity2016,
|
||||
abstract = {Recent neural network sequence models with softmax classifiers have achieved their best language modeling performance only with very large hidden states and large vocabularies. Even then they struggle to predict rare or unseen words even if the context makes the prediction unambiguous. We introduce the pointer sentinel mixture architecture for neural sequence models which has the ability to either reproduce a word from the recent context or produce a word from a standard softmax classifier. Our pointer sentinel-LSTM model achieves state of the art language modeling performance on the Penn Treebank (70.9 perplexity) while using far fewer parameters than a standard softmax LSTM. In order to evaluate how well language models can exploit longer contexts and deal with more realistic vocabularies and larger corpora we also introduce the freely available WikiText corpus.},
|
||||
archivePrefix = {arXiv},
|
||||
arxivId = {1609.07843},
|
||||
author = {Merity, Stephen and Xiong, Caiming and Bradbury, James and Socher, Richard},
|
||||
eprint = {1609.07843},
|
||||
journal = {Arxiv},
|
||||
title = {{Pointer Sentinel Mixture Models}},
|
||||
url = {http://arxiv.org/abs/1609.07843},
|
||||
year = {2016}
|
||||
}
|
||||
@article{Balasubramanian2017,
|
||||
abstract = {Rust is a new system programming language that offers a practical and safe alternative to C. Rust is unique in that it enforces safety without runtime overhead, most importantly, without the overhead of garbage collection. While zero-cost safety is remarkable on its own, we argue that the super-powers of Rust go beyond safety. In particular, Rust's linear type system enables capabilities that cannot be implemented efficiently in traditional languages, both safe and unsafe, and that dramatically improve security and reliability of system software. We show three examples of such capabilities: zero-copy software fault isolation, efficient static information flow analysis, and automatic checkpointing. While these capabilities have been in the spotlight of systems research for a long time, their practical use is hindered by high cost and complexity. We argue that with the adoption of Rust these mechanisms will become commoditized.},
|
||||
author = {Balasubramanian, Abhiram and Baranowski, Marek S and Burtsev, Anton and Irvine, Uc and Rakamari, Zvonimir and Ryzhyk, Leonid and Research, Vmware},
|
||||
file = {:home/steveej/src/github/steveej/msc-thesis/docs/DRAFT$\backslash$: System Programming in Rust$\backslash$: Beyond Safety.pdf:pdf},
|
||||
title = {{DRAFT: System Programming in Rust: Beyond Safety}},
|
||||
year = {2017}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue