Complete Memory Safety for C/C++

Description

Master’s thesis in cooperation with Fraunhofer AISEC
Complete Memory Safety for C/C++
A vast majority of today’s security-relevant vulnerabilities arise from the broad use of un-
safe programming languages, such as C and C++. These languages omit the enforcement
of strong type safety and memory safety in favor of efficiency and flexibility, rendering them
ideal for software development, especially in the field of low-level embedded systems.
However, the lack of such safety features frequently causes bugs that can be exploited for
leaking information, corrupting data, or hijacking the control-flow of programs. To find such
bugs during testing, or to detect them in production, sanitizers are used to hardened the
programs with runtime memory and type safety checks.
Task Description
Memory bugs are of two types: spatial, e.g., buffer overflows, and temporal, e.g., use-
after-free. Additionally, type confusion bugs involve casting pointers to unrelated types.
Previous sanitizers have been used detect all of the three types of bugs. However, none
of them are complete, i.e., they do not fully detect all the types of bugs. The goal of this
thesis is to identify what is missing from the existing sanitizers and then to extend one of
them to make it complete.
Requirements
• Ability to work independently and accurately
• Good C/C++ programming skills
• Familiar with Linux and compiler toolchains
• High interest in compiler programming and software security
• Willingness to work under remote guidance
Contact
Please send your application with current CV and transcript of records to:
Emanuel Vintila
Fraunhofer Institute for Applied and Integrated Security (AISEC)
Lichtenbergstr. 11, 85748 Garching near Munich
Mail: ge56saw@mytum.de
Publication Date: 24.08.2023