It is time to standardize principles and practices for software memory safety (extended version)
Robert N. M. Watson, John Baldwin, Tony Chen, David Chisnall, Jessica Clarke, Brooks Davis, Nathaniel Wesley Filardo, Brett Gutstein, Graeme Jenkinson, Christoph Kern, Ben Laurie, Alfredo Mazzinghi, Simon W. Moore, Peter G. Neumann, Hamed Okhravi, Alex Rebert, Alex Richardson, Peter Sewell, Laurence Tratt, Murali Vijayaraghavan, Hugo Vincent, Konrad Witaszczyk
February 2025, 29 pages
Distribution Statement A: Approved for public release. Distribution is unlimited. This material is based in part upon work supported by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL) under contract FA8750-24-C-B047 (“DEC”), and in part upon work supported by the Under Secretary of Defense for Research and Engineering under Air Force Contract No. FA8702-15-D-0001. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Department of Defense, Under Secretary of Defense for Research and Engineering, or the U.S. Government.
This work was supported in part by Innovate UK projects 105694 and 10027440, by EPSRC grants EP/V000292/1 (“CHaOS”) and EP/V000373/1 (“CapableVMs”), by UKRI (ERC-AdG-2022 funding guarantee) grant EP/Y035976/1 (“SAFER”), and by ERC-AdG-2017 grant 789108 (“ELVER”). Additional support was received from Arm, Google, and Microsoft.
DOI: https://doi.org/10.48456/tr-996
Abstract
This is the extended version of the paper, “It is time to standardize principles and practices for software memory safety”, which appeared in the February 2025 issue of Communications of the ACM.
In this report, we explore memory-safety standardization, which we argue is an essential step towards promoting universal strong memory safety in government and industry, and, in turn, towards ensuring access to more secure software for all. Over the last two decades, a set of four research technologies for strong memory safety – memory-safe systems languages, hardware and software memory protection, formal approaches, and software compartmentalization – have reached sufficient maturity to see early deployment in security-critical use cases. However, there remains no shared, technology-neutral terminology or framework with which to specify memory-safety requirements.
This is needed to enable reliable specification, design, implementation, auditing, and procurement of strongly memory-safe systems. Failure to speak in a common language makes it difficult to understand the possibilities or communicate accurately with one another, limiting perceived benefits and hence actual demand. The lack of such a framework also acts as an impediment to potential future policy interventions, and, in turn, as an impediment to stating requirements to address observed market failures preventing adoption of these technologies. Standardization would also play a critical role in improving industrial best practice, another key aspect of adoption.
We begin with an overview of the many techniques – from hardware to software to formal theories – that have been developed and redefined over several decades, and how each plays a part in moving us towards strong memory safety. We explore how these technologies can be differentiated, considering both differences in functional protection and strength. We discuss how adoption barriers and potential market failures have limited adoption, and how the standardization gap limits potential interventions. We propose potential approaches to standardization – likely a task not limited to any one institution or standards body – and conclude with an illustrative universal memory-safety adoption timeline proposing a realistic path to universal adoption given suitable incentivization.
Full text
PDF (0.6 MB)
BibTeX record
@TechReport{UCAM-CL-TR-996,
  author      = {Watson, Robert N. M. and Baldwin, John and Chen, Tony and Chisnall, David and Clarke, Jessica and Davis, Brooks and Filardo, Nathaniel Wesley and Gutstein, Brett and Jenkinson, Graeme and Kern, Christoph and Laurie, Ben and Mazzinghi, Alfredo and Moore, Simon W. and Neumann, Peter G. and Okhravi, Hamed and Rebert, Alex and Richardson, Alex and Sewell, Peter and Tratt, Laurence and Vijayaraghavan, Murali and Vincent, Hugo and Witaszczyk, Konrad},
  title       = {{It is time to standardize principles and practices for software memory safety (extended version)}},
  year        = 2025,
  month       = feb,
  url         = {https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-996.pdf},
  institution = {University of Cambridge, Computer Laboratory},
  doi         = {10.48456/tr-996},
  number      = {UCAM-CL-TR-996}
}