Home
Authors Papers Year of conference Themes Organizations To MES conference
Trends in the implementation of processor memory description and analyzers for software verification |
|
|
|
|
Authors |
| Semenov S. |
Date of publication |
| 2022 |
DOI |
| 10.31114/2078-7707-2022-4-32-36 |
|
Abstract |
| — In the issue of secure coding, several approaches have been created and developed, they can be either hardware or software solutions. An example of a unique approach of hardware support for secure coding is domestic microchip technology using Elbrus architecture. The hardware memory protection mechanism supports a compiler that generates code with an address size of 128 bits, which allows you to run a program using hardware support for context separation and data access control. The architecture support tagged memory. Tag-level permission system do not allow user to modify the tag.
An alternative solution is the CHERI project from SRI International and the University of Cambridge. A special feature of this architecture is one bit in a word and mandatory descriptors, which contain permission mask, flag and object type. CHERI extends conventional hardware instruction-Set architectures (ISA’s) with new features to enable fine-grained memory protection and highly scalable software compartmentalization. Another competitive technology is ARM Memory Tagging Extension (MTE), which provides a productive and scalable hardware solution, that reduces the likelihood of using memory security breaches in code, written in memory-unsafe programming languages. This mechanism of memory access is called the locks-and-keys.
Software analyzers are software-only tools that support debuggers and memory-safe programming. They are used to search for various defect types, including buffer overflow, use of uninitialized variable, memory leaks, inconsistent/division by zero error, returning address of local variable and objects use after deletion. Software defect detection technologies are static analyzers, dynamic analyzers and application memory protection technologies from exploiting vulnerabilities in the code while the program is running.
Different tools use different algorithms to find defects and ways to deal with false positives. Often, for more effective error detection, program code analyzers and hardware solutions are used together. |
Keywords |
| memory descriptors, tagged memory, Elbrus, CHERI, Arm MTE, static code analysis, Valgrind, Svace |
Library reference |
| Semenov S. Trends in the implementation of processor memory description and analyzers for software verification // Problems of Perspective Micro- and Nanoelectronic Systems Development - 2022. Issue 4. P. 32-36. doi:10.31114/2078-7707-2022-4-32-36 |
URL of paper |
| http://www.mes-conference.ru/data/year2022/pdf/D081.pdf |
|
|