Short talk: The Meaning of Memory Safety
We propose a rigorous characterization of what it means for a programming language to be memory safe, capturing the intuition that memory safety supports local reasoning about state. We formalize this principle in two ways. First, we show how a small memory-safe imperative language validates a noninterference property: a program can neither affect nor be affected by parts of the state it cannot reach. Second, we show how to take advantage of memory safety to extend separation logic with a variant of its frame rule. Our new rule is stronger because it applies even when parts of the program are buggy or malicious, but also weaker because it requires a stricter form of separation between parts of the program state. We also consider a number of pragmatically motivated variations of memory safety and the reasoning principles they support. As an application of our characterization, we evaluate the security of a previously proposed dynamic monitor for memory safety of heap-allocated data.
| Slides (main.pdf) | 154KiB |
Conference DaySat 13 JanDisplayed time zone: Tijuana, Baja California change
11:30 - 12:00 | |||
11:30 5mTalk | Short talk: The Meaning of Memory Safety PriSC Arthur Azevedo de AmorimCarnegie Mellon University, USA, Cătălin HriţcuInria Paris, Benjamin C. PierceUniversity of Pennsylvania Pre-print File Attached | ||
11:35 5mTalk | Short talk: Dependently Typed Assembly for Secure Linking PriSC William J. BowmanNortheastern University, USA Link to publication File Attached | ||
11:40 5mTalk | Short talk: Compiler Optimizations with Retrofitting Transformations: Is there a Semantic Mismatch? PriSC Santosh NagarakatteRutgers University, USA Pre-print File Attached | ||
11:45 5mTalk | Short Talk: Secure compilation from F* to WebAssembly PriSC Jonathan ProtzenkoMicrosoft Research, n.n. File Attached | ||