Core Concepts
Stack safety is decomposed into integrity, confidentiality, and control-flow properties that must hold across function activations.
Abstract
The article formalizes stack safety as a security property, proposing new concepts and properties on which protection mechanisms can be built. It discusses why stack safety is hard to define, given its protean nature, and proposes a decomposition of stack safety into five distinct properties. It validates these properties through testing, distinguishing correct implementations from incorrect ones, and explores the implications of various enforcement mechanisms for stack safety.
- Introduction to Functions in High-Level Languages
  - Functions manage local variables and information about their callers.
  - The call stack is the fundamental mechanism for implementing functions.
  - Attacks on the call stack are common among low-level attacks.
- Proposal of a New Formal Characterization of Stack Safety
  - Decomposition of stack safety into integrity, confidentiality, and control-flow properties.
  - Motivated by the lazy enforcement mechanisms studied by Roessler and DeHon.
- Validation of Properties Through Testing
  - Property-based random testing is used to validate the properties.
  - The proposed properties identify broken implementation variants.
- Framework and Assumptions for Security Semantics
  - Definition of the machine model, security semantics, and operations.
  - Introduction of views, contexts, events, traces, variants, corrupted sets, and "on-return" assertions.
- Core Property Definitions
  - Well-bracketed Control Flow (WBCF): each call returns to its caller, at the point following the call.
  - Caller Integrity (CLRI): the caller's sealed elements keep their values across a call.
  - Caller Confidentiality (CLRC): the caller's private state is protected against unauthorized access during a call.
- Formalization Details for the Properties
  - Detailed rules for each operation: alloc, dealloc, call, and return.
- Events and Traces Abstraction
  - Abstracting over the observable events of the system.
- Variants, Corrupted Sets, and "On-return" Assertions
  - Defining variants so that states can be compared.
- Property Criteria
  - Defining, for each property, the criteria that must hold immediately after call steps.
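As an added illustration (not the paper's formal model or code), the following toy stack machine in Python shows how the three core properties listed above can be checked over traces in the variant-based style the outline mentions: WBCF with a shadow stack of expected return points, caller integrity with an "on-return" assertion that compares the caller's sealed cells against a snapshot taken at the call (the differing addresses form the corrupted set), and caller confidentiality by running the callee on a variant of the state that differs only in sealed cells and comparing the observable outputs. The instruction set, the three constructed programs, and the definition of "sealed" as every cell below the stack pointer at the moment of the call are assumptions of this example, not definitions taken from the paper.

```python
"""Toy stack machine plus checkers for WBCF, caller integrity (CLRI) and caller
confidentiality (CLRC). Illustrative only: the machine, the notion of "sealed"
(every cell below sp at the call) and the programs are constructed for this example."""
import copy
import random
from dataclasses import dataclass, field


@dataclass
class State:
    pc: int = 0
    sp: int = 0                       # first free stack slot; the stack grows upward
    mem: list = field(default_factory=lambda: [0] * 16)
    halted: bool = False


def step(st, prog):
    """Execute one instruction; return an observable event or None."""
    op, *args = prog[st.pc]
    st.pc += 1
    if op == "alloc":                 # grow the current frame by args[0] cells
        st.sp += args[0]
    elif op == "dealloc":
        st.sp -= args[0]
    elif op == "store":               # mem[addr] := value (deliberately unchecked)
        st.mem[args[0]] = args[1]
    elif op == "call":                # push the return address on the stack, jump
        st.mem[st.sp] = st.pc
        st.sp += 1
        st.pc = args[0]
        return ("call", args[0], st.sp)
    elif op == "ret":                 # pop the return address from the stack, jump to it
        st.sp -= 1
        st.pc = st.mem[st.sp]
        return ("ret", st.pc, st.sp)
    elif op == "out":                 # observable output of one memory cell
        return ("out", st.mem[args[0]])
    elif op == "halt":
        st.halted = True
    return None


def callee_outputs(prog, st, steps=200):
    """Run from a call instruction to its matching return; collect the outputs."""
    outs, depth = [], 0
    for _ in range(steps):
        if st.halted:
            break
        ev = step(st, prog)
        if ev is None:
            continue
        if ev[0] == "call":
            depth += 1
        elif ev[0] == "ret":
            depth -= 1
            if depth == 0:
                break
        else:
            outs.append(ev)
    return outs


def check(prog, steps=200, seed=0):
    """Run prog; return the violations found for each property."""
    st, rng = State(), random.Random(seed)
    shadow = []                       # (expected return pc, expected sp, sealed snapshot)
    bad = {"wbcf": [], "clri": [], "clrc": []}
    for _ in range(steps):
        if st.halted:
            break
        if prog[st.pc][0] == "call":
            sealed = list(st.mem[:st.sp])        # caller's frame: sealed during the call
            variant = copy.deepcopy(st)          # differs from st only in sealed cells
            for a in range(st.sp):
                variant.mem[a] += rng.randrange(1, 100)
            # CLRC: the callee's observable behaviour must not depend on sealed cells
            if callee_outputs(prog, copy.deepcopy(st)) != callee_outputs(prog, variant):
                bad["clrc"].append(st.pc)
            step(st, prog)
            shadow.append((st.mem[st.sp - 1], st.sp - 1, sealed))
            continue
        ev = step(st, prog)
        if ev is not None and ev[0] == "ret" and shadow:
            exp_pc, exp_sp, sealed = shadow.pop()
            if (ev[1], ev[2]) != (exp_pc, exp_sp):   # WBCF: must return to the call site
                bad["wbcf"].append(ev[1])
            # CLRI on-return assertion: sealed cells unchanged; differences = corrupted set
            corrupted = {a for a, v in enumerate(sealed) if st.mem[a] != v}
            if corrupted:
                bad["clri"].append((ev[1], corrupted))
    return bad


# Constructed sample programs: a caller with one secret local at address 0
# calls a callee at pc 6; only the callee body differs between the three.
CALLER = [("alloc", 1), ("store", 0, 42), ("call", 6), ("out", 0), ("dealloc", 1), ("halt",)]
GOOD = CALLER + [("alloc", 1), ("store", 2, 7), ("out", 2), ("dealloc", 1), ("ret",)]
LEAKY = CALLER + [("alloc", 1), ("out", 0), ("store", 0, 99), ("dealloc", 1), ("ret",)]
HIJACK = CALLER + [("alloc", 1), ("store", 1, 5), ("dealloc", 1), ("ret",)]  # clobbers return slot

if __name__ == "__main__":
    for name, prog in [("good", GOOD), ("leaky", LEAKY), ("hijack", HIJACK)]:
        print(name, check(prog))
```

Running the block reports no violations for `GOOD`, a CLRC violation at the call site plus a CLRI corrupted set `{0}` for `LEAKY`, and a WBCF violation for `HIJACK`, which returns to the `halt` at pc 5 instead of the instruction after the call. Note that the return-address slot itself is not part of the sealed snapshot here, so the hijack is caught only by the control-flow check; that separation is the point of decomposing stack safety into distinct properties.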