Garbage collection in an uncooperative environment
Software—Practice & Experience
Improving the cache locality of memory allocation
PLDI '93 Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation
The measured cost of conservative garbage collection
Software—Practice & Experience
Efficient detection of all pointer and array access errors
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Impossibility of distributed consensus with one faulty process
Journal of the ACM (JACM)
Hypervisor-based fault tolerance
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
The memory fragmentation problem: solved?
Proceedings of the 1st international symposium on Memory management
Cache-conscious structure layout
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Bounds for Some Functions Concerning Dynamic Storage Allocation
Journal of the ACM (JACM)
Composing high-performance memory allocators
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Hoard: a scalable memory allocator for multithreaded applications
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Region-based memory management in cyclone
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Dynamic Storage Allocation: A Survey and Critical Review
IWMM '95 Proceedings of the International Workshop on Memory Management
Parameterized Verification of Multithreaded Software Libraries
TACAS 2001 Proceedings of the 7th International Conference on Tools and Algorithms for the Construction and Analysis of Systems
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Memory safety without runtime checks or garbage collection
Proceedings of the 2003 ACM SIGPLAN conference on Language, compiler, and tool for embedded systems
Protecting C programs from attacks via invalid pointer dereferences
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Low-overhead memory leak detection using adaptive statistical profiling
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Experience with safe manual memory-management in cyclone
Proceedings of the 4th international symposium on Memory management
An efficient and backwards-compatible transformation to ensure memory safety of C programs
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
A Dynamic Technique for Eliminating Buffer Overflow Vulnerabilities (and Other Memory Errors)
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Run-time Detection of Heap-based Overflows
LISA '03 Proceedings of the 17th USENIX conference on System administration
Improving software security with a C pointer analysis
Proceedings of the 27th international conference on Software engineering
Quantifying the performance of garbage collection vs. explicit memory management
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Rx: treating bugs as allergies---a safe method to survive software failures
Proceedings of the twentieth ACM symposium on Operating systems principles
A locality-improving dynamic memory allocator
Proceedings of the 2005 workshop on Memory system performance
Using Valgrind to detect undefined value errors with bit-precision
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Enhancing server availability and security through failure-oblivious computing
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Efficient techniques for comprehensive protection from memory error exploits
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
SAFECode: enforcing alias analysis for weakly typed languages
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Comprehensively and efficiently protecting the heap
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Exterminator: automatically correcting memory errors with high probability
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Automatic on-line failure diagnosis at the end-user site
HOTDEP'06 Proceedings of the 2nd conference on Hot Topics in System Dependability - Volume 2
Data layouts for object-oriented programs
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Rx: Treating bugs as allergies—a safe method to survive software failures
ACM Transactions on Computer Systems (TOCS)
AjaxScope: a platform for remotely monitoring the client-side behavior of web 2.0 applications
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Bouncer: securing software by blocking bad input
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Triage: diagnosing production run failures at the user's site
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Tracking bad apples: reporting the origin of null and undefined value errors
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Hardbound: architectural support for spatial safety of the C programming language
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Archipelago: trading address space for reliability and security
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Samurai: protecting critical data in unsafe languages
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Building bug-tolerant routers with virtualization
Proceedings of the ACM workshop on Programmable routers for extensible services of tomorrow
LeakSurvivor: towards safely tolerating memory leaks for garbage-collected languages
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Exterminator: Automatically correcting memory errors with high probability
Communications of the ACM - Surviving the data deluge
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Bristlecone: A Language for Robust Software Systems
ECOOP '08 Proceedings of the 22nd European conference on Object-Oriented Programming
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
Efficient and extensible security enforcement using dynamic data flow analysis
Proceedings of the 15th ACM conference on Computer and communications security
Detecting and tolerating asymmetric races
Proceedings of the 14th ACM SIGPLAN symposium on Principles and practice of parallel programming
Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
Proceedings of the 4th ACM European conference on Computer systems
First-aid: surviving and preventing memory management bugs during production runs
Proceedings of the 4th ACM European conference on Computer systems
SoftBound: highly compatible and complete spatial memory safety for c
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Polymorphing Software by Randomizing Data Structure Layout
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Backward-compatible constant-time exception-protected memory
Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Automatically patching errors in deployed software
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Virtually eliminating router bugs
Proceedings of the 5th international conference on Emerging networking experiments and technologies
Proactive Fortification of Fault-Tolerant Services
OPODIS '09 Proceedings of the 13th International Conference on Principles of Distributed Systems
Orthrus: efficient software integrity protection on multi-cores
Proceedings of the fifteenth edition of ASPLOS on Architectural support for programming languages and operating systems
Execution suppression: An automated iterative technique for locating memory errors
ACM Transactions on Programming Languages and Systems (TOPLAS)
Statistically regulating program behavior via mainstream computing
Proceedings of the 8th annual IEEE/ACM international symposium on Code generation and optimization
CETS: compiler enforced temporal safety for C
Proceedings of the 2010 international symposium on Memory management
Learning universal probabilistic models for fault localization
Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
ACM Transactions on Computer Systems (TOCS)
Towards understanding bugs in open source router software
ACM SIGCOMM Computer Communication Review
KAL: kernel-assisted non-invasive memory leak tolerance with a general-purpose memory allocator
Software—Practice & Experience
AjaxScope: A Platform for Remotely Monitoring the Client-Side Behavior of Web 2.0 Applications
ACM Transactions on the Web (TWEB)
Independence from obfuscation: A semantic framework for diversity
Journal of Computer Security
Multi-variant program execution for vulnerability detection and analysis
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
On the effectiveness of multi-variant program execution for vulnerability detection and prevention
Proceedings of the 6th International Workshop on Security Measurements and Metrics
DAFT: decoupled acyclic fault tolerance
Proceedings of the 19th international conference on Parallel architectures and compilation techniques
End-to-end data integrity for file systems: a ZFS case study
FAST'10 Proceedings of the 8th USENIX conference on File and storage technologies
Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
NOZZLE: a defense against heap-spraying code injection attacks
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Proceedings of the 17th ACM conference on Computer and communications security
Patterns and statistical analysis for understanding reduced resource computing
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
Cling: A memory allocator to mitigate dangling pointers
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Improving software diagnosability via log enhancement
Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems
Making the common case the only case with anticipatory memory allocation
FAST'11 Proceedings of the 9th USENIX conference on File and stroage technologies
Automatic on-line failure diagnosis at the end-user site
HotDep'06 Proceedings of the Second conference on Hot topics in system dependability
TPM-SIM: a framework for performance evaluation of trusted platform modules
Proceedings of the 48th Design Automation Conference
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
Dthreads: efficient deterministic multithreading
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Detecting and surviving data races using complementary schedules
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
RIPE: runtime intrusion prevention evaluator
Proceedings of the 27th Annual Computer Security Applications Conference
Improving robustness of DNS to software vulnerabilities
Proceedings of the 27th Annual Computer Security Applications Conference
Making the common case the only case with anticipatory memory allocation
ACM Transactions on Storage (TOS)
Quarantine: a framework to mitigate memory errors in JNI applications
Proceedings of the 9th International Conference on Principles and Practice of Programming in Java
What to do when things go wrong: recovery in complex (computer) systems
Proceedings of the 11th annual international conference on Aspect-oriented Software Development Companion
Runtime countermeasures for code injection attacks against C and C++ programs
ACM Computing Surveys (CSUR)
On Protection by Layout Randomization
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the Tenth International Symposium on Code Generation and Optimization
Runtime asynchronous fault tolerance via speculation
Proceedings of the Tenth International Symposium on Code Generation and Optimization
Securing heap memory by data pointer encoding
Future Generation Computer Systems
Software needs seatbelts and airbags
Communications of the ACM
Software Needs Seatbelts and Airbags
Queue - Debugging
Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Branch regulation: low-overhead protection from code reuse attacks
Proceedings of the 39th Annual International Symposium on Computer Architecture
AddressSanitizer: a fast address sanity checker
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
Binary stirring: self-randomizing instruction addresses of legacy x86 binary code
Proceedings of the 2012 ACM conference on Computer and communications security
MemSafe: ensuring the spatial and temporal memory safety of C at runtime
Software—Practice & Experience
Improving Memory Management Security for C and C++
International Journal of Secure Software Engineering
Monitoring Buffer Overflow Attacks: A Perennial Task
International Journal of Secure Software Engineering
STABILIZER: statistically sound performance evaluation
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Towards hinted collection: annotations for decreasing garbage collector pause times
Proceedings of the 2013 international symposium on memory management
Generating sound and effective memory debuggers
Proceedings of the 2013 international symposium on memory management
Parallelizing Sequential Programs with Statistical Accuracy Tests
ACM Transactions on Embedded Computing Systems (TECS) - Special Section on Probabilistic Embedded Computing
PROARTIS: Probabilistically Analyzable Real-Time Systems
ACM Transactions on Embedded Computing Systems (TECS) - Special Section on Probabilistic Embedded Computing
GHUMVEE: efficient, effective, and flexible replication
FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
Probabilistic timing analysis on conventional cache designs
Proceedings of the Conference on Design, Automation and Test in Europe
Safe software updates via multi-version execution
Proceedings of the 2013 International Conference on Software Engineering
Ironclad C++: a library-augmented type-safe subset of c++
Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications
HeapSentry: kernel-assisted protection against heap overflows
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
WatchdogLite: Hardware-Accelerated Compiler-Based Pointer Checking
Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization
Hi-index | 0.02 |
Applications written in unsafe languages like C and C++ are vulnerable to memory errors such as buffer overflows, dangling pointers, and reads of uninitialized data. Such errors can lead to program crashes, security vulnerabilities, and unpredictable behavior. We present DieHard, a runtime system that tolerates these errors while probabilistically maintaining soundness. DieHard uses randomization and replication to achieve probabilistic memory safety by approximating an infinite-sized heap. DieHard's memory manager randomizes the location of objects in a heap that is at least twice as large as required. This algorithm prevents heap corruption and provides a probabilistic guarantee of avoiding memory errors. For additional safety, DieHard can operate in a replicated mode where multiple replicas of the same application are run simultaneously. By initializing each replica with a different random seed and requiring agreement on output, the replicated version of Die-Hard increases the likelihood of correct execution because errors are unlikely to have the same effect across all replicas. We present analytical and experimental results that show DieHard's resilience to a wide range of memory errors, including a heap-based buffer overflow in an actual application.