Publications related to Memory safety

Preventing Use-After-Free Attacks with Fast Forward Allocation

Memory-unsafe languages are widely used to implement critical systems like kernels and browsers, leading to thousands of memory safety issues every year. A use-after-free bug is a temporal memory error where the program accidentally visits a freed memory l ...

USENIX ASSOC2021

Formal Verification of Rust with Stainless

Writing correct software is hard, yet in systems that have a high failure cost or are not easily upgraded like blockchains, bugs and security problems cannot be tolerated. Therefore, these systems are perfect use cases for formal verification, the task of ...

2021

Admissibility of Uncertain Injections in Quadratic Algebraic Systems

Jean-Yves Le Boudec, Cong Wang, Eleni Stai

We study the admissibility problem in multivariate algebraic systems, such as ac electrical networks, where the power injection is quadratic in the state. The goal of such systems is to ensure that the state stays in some security set (e.g., magnitudes of ...

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC2021

A Type-and-Effect System for Object Initialization

Martin Odersky, Fengyun Liu, Paolo Giosuè Giarrusso, Ondrej Lhoták

Every newly created object goes through several initialization states: starting from a state where all fields are uninitialized until all of them are assigned. Any operation on the object during its initialization process, which usually happens in the cons ...

2020

A Type-and-Effect System for Object Initialization

Martin Odersky, Fengyun Liu, Paolo Giosuè Giarrusso, Ondrej Lhoták

Every newly created object goes through several initialization states: starting from a state where all fields are uninitialized until all of them are assigned. Any operation on the object during its initialization process, which usually happens in the cons ...

ASSOC COMPUTING MACHINERY2020

RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization

Mathias Josef Payer, Duo Xu

Analyzing the security of closed source binaries is currently impractical for end-users, or even developers who rely on third-party libraries. Such analysis relies on automatic vulnerability discovery techniques, most notably fuzzing with sanitizers enable ...

IEEE COMPUTER SOC2020

SoK: Shining Light on Shadow Stacks

Mathias Josef Payer, Xiangyu Zhang

Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs. Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge, i.e., indirect calls through function pointers and virtual calls. Protecting the backwa ...

IEEE COMPUTER SOC2019

System Support for Efficient Replication in Distributed Systems

Dragos-Adrian Seredinschi

Current online applications, such as search engines, social networks, or file sharing services, execute across a distributed network of machines. They provide non-stop services to their users despite failures in the underlying network. To achieve such a hi ...

EPFL2019

LMS-Verify: Abstraction without Regret for Verified Systems Programming’

Tiark Rompf, Nada Amin

Performance critical software is almost always developed in C, as programmers do not trust high-level languages to deliver the same reliable performance. This is bad because low-level code in unsafe languages attracts security vulnerabilities and because d ...

Assoc Computing Machinery2017

Algorithmic Resource Verification

Ravichandhran Kandhadai Madhavan

Static estimation of resource utilisation of programs is a challenging and important problem with numerous applications. In this thesis, I present new algorithms that enable users to specify and verify their desired bounds on resource usage of functional p ...

EPFL2017

Memory safety

Graph Chatbot

Chat with Graph Search

Preventing Use-After-Free Attacks with Fast Forward Allocation

Formal Verification of Rust with Stainless

Admissibility of Uncertain Injections in Quadratic Algebraic Systems

A Type-and-Effect System for Object Initialization

A Type-and-Effect System for Object Initialization

RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization

SoK: Shining Light on Shadow Stacks

System Support for Efficient Replication in Distributed Systems

LMS-Verify: Abstraction without Regret for Verified Systems Programming’

Algorithmic Resource Verification

Formal Verification of Rust with Stainless

A Type-and-Effect System for Object Initialization

A Type-and-Effect System for Object Initialization

LMS-Verify: Abstraction without Regret for Verified Systems Programming’

Algorithmic Resource Verification

Admissibility of Uncertain Injections in Quadratic Algebraic Systems

RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization

System Support for Efficient Replication in Distributed Systems

Preventing Use-After-Free Attacks with Fast Forward Allocation

SoK: Shining Light on Shadow Stacks