About this Event
250 Hutchison Rd, Rochester, NY 14620
Lack of memory safety in the two major systems programming languages, C and C++, is one of the oldest, most dangerous, and most challenging systems and software security problems. People have put enormous effort into fighting memory safety bugs for over 30 years. However, memory safety vulnerabilities remain one of the major threats in software security because previous work suffers from one or more major limitations, such as high performance overhead and weak security guarantees.
This thesis tackles the memory safety issue based on two key observations. First, new memory-safe systems programming languages have the potential to replace C/C++ and thereby solve the memory safety problem fundamentally and efficiently; however, they still need improvements. Second, large low-level software now has, and for the foreseeable future will continue to have, safe and unsafe code coexisting. It is therefore a promising research direction to secure partial components of a complex program gradually.
This thesis makes three contributions in addressing the memory safety problem from an incremental perspective. First, we extended Checked C—a new safe dialect of C—with full temporal memory safety. Second, we developed an efficient intra-address isolation technique and applied it to guarantee return address integrity for programs on ARM embedded systems. Third, we developed a summary-based whole-program analysis to quickly identify unsafe memory accesses in Rust programs.
Advisor: Prof. John Criswell (Computer Science)
Committee: Prof. Michael L. Scott (Computer Science), Prof. Sreepathi Pai (Computer Science),
Prof. Michael Hicks (University of Maryland), David Tarditi (CirtiK)
Chair: Prof. Brandon Mort (Chemistry / Center for Integrated Research Computing)
4:00 pm Reception in second floor atrium