Not Quite Write: On the Effectiveness of Store-Only Bounds Checking

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!

Grab it

Explore a 21-minute conference talk from USENIX WOOT '24 that challenges conventional wisdom about store-only bounds checking in C/C++ memory safety. Discover how researchers from DistriNet at KU Leuven demonstrate that omitting pointer validity checks for memory loads, while reducing performance overhead, can lead to significant security vulnerabilities. Learn how invalid reads can be exploited to bypass store-only validity checks, with empirical evidence from SoftBound implementation and analysis of 1,000 popular C/C++ repositories. Gain insights into potential defensive measures and modifications that could help complete bounds checkers maintain reduced overhead without severely compromising security.

Syllabus

WOOT '24 - Not Quite Write: On the Effectiveness of Store-Only Bounds Checking

Taught by

USENIX

Reviews

Start your review of Not Quite Write: On the Effectiveness of Store-Only Bounds Checking

Black Friday 2024: 25+ Ways to Save on Online Learning

Most common

Popular subjects

Popular courses

Not Quite Write: On the Effectiveness of Store-Only Bounds Checking

Overview

Syllabus

Taught by

Reviews

Black Friday 2024: 25+ Ways to Save on Online Learning

Taught by

Progress on Bounds Checking in C and the Linux Kernel

Meaningful Bounds Checking in the Linux Kernel - Addressing Buffer Overflows

On the Effectiveness of Control-Flow Integrity in Practice - A Systematic Overview

Dangerous Optimizations and the Loss of Causality in C and C++ Programming

10 Best C++ Courses for 2024: A Lang for the Modern Age

Never Stop Learning.