Safe At Any Speed: Making the C Programming Language Secure and Fast

Abstract

The power and efficiency of the C programming language have historically made it the language of choice for writing low-level system and performance-critical code. Explicit memory management gives the programmer extensive control over how a program's data will be laid out in memory, cutting away layers of abstraction that can sap performance. Of course, C is historically just as well known for the myriad security flaws that such low-level power has engendered. Buffer overruns (and related attacks) are constantly being discovered in real systems currently in production use. Yet such caveats have not diminished the importance of the C language, nor its widespread use. Several approaches have been proposed to ameliorate this situation. This project takes as its foundation the CCured system developed by Necula et al. CCured is a dialect of C that retains most of C's expressivity, thus requiring little change to legacy code while adding type safety. CCured uses "annotated" pointers so that memory-safe pointer usage (of the kind one finds in C# or Java) can be enforced, at the cost of performing some runtime checks, increased memory usage, and the use of a conservative garbage collector to prevent dangling references.

My project is twofold. First, it characterizes specifically the overhead that CCured entails, in terms of increased running time, dynamic instructions and memory references. Second, I will discuss trying to alleviate those overheads by adding some additional structures to a modern microprocessor.
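To make concrete what an "annotated" pointer with runtime checks looks like, and where the overhead that the project proposes to measure comes from, here is an added illustration in the spirit of CCured's bounds-carrying pointers. It is example code written for this page, not CCured's own representation or instrumentation: the `seq_ptr` struct, the function names and the check counter are all assumptions chosen for the demonstration. Each dereference through the fat pointer costs one bounds check (counted in `checks_performed`), and a copy that would overrun the destination is refused instead of corrupting adjacent memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative bounds-carrying ("fat") pointer, modelled loosely on the
 * idea behind CCured's sequence pointers.  Teaching reconstruction only;
 * CCured's real layout and checks differ. */
typedef struct {
    char *base;   /* start of the region the pointer may access */
    char *end;    /* one past the last valid byte */
    char *cur;    /* the pointer value the program actually manipulates */
} seq_ptr;

/* Number of runtime checks executed so far: the kind of dynamic
 * overhead the abstract sets out to characterise. */
static unsigned long checks_performed = 0;

unsigned long checks_so_far(void) { return checks_performed; }

seq_ptr seq_make(char *buf, size_t len) {
    seq_ptr p = { buf, buf + len, buf };
    return p;
}

/* Arithmetic on the checked pointer is itself unchecked, as in plain C;
 * only a dereference triggers a check.  Offsets must stay within
 * [0, len] so that the pointer formed is still valid to compute. */
seq_ptr seq_add(seq_ptr p, ptrdiff_t off) {
    p.cur += off;
    return p;
}

/* The bounds check: 1 if *cur may be accessed, 0 otherwise. */
int seq_check(const seq_ptr *p) {
    checks_performed++;
    return p->base != NULL && p->cur >= p->base && p->cur < p->end;
}

/* Checked write: 0 on success, -1 if the access would be out of bounds. */
int seq_write(seq_ptr p, char value) {
    if (!seq_check(&p)) return -1;
    *p.cur = value;
    return 0;
}

/* Checked read: 0 on success (value stored via out), -1 otherwise. */
int seq_read(seq_ptr p, char *out) {
    if (!seq_check(&p)) return -1;
    *out = *p.cur;
    return 0;
}

/* strcpy-like copy through the checked pointer.  Returns the number of
 * bytes written including the terminating NUL, or -1 when the source
 * does not fit: bytes within bounds are written, the first out-of-bounds
 * write is refused (CCured would abort the program at this point). */
long checked_copy(seq_ptr dst, const char *src) {
    long n = 0;
    for (;; n++) {
        if (seq_write(seq_add(dst, n), src[n]) != 0) return -1;
        if (src[n] == '\0') return n + 1;
    }
}

int main(void) {
    char buf[8];
    seq_ptr p = seq_make(buf, sizeof buf);
    printf("copy \"hello\": %ld bytes written\n", checked_copy(p, "hello"));
    printf("copy 12-char string: %ld (overrun refused)\n",
           checked_copy(p, "overrun-here"));
    printf("runtime bounds checks executed: %lu\n", checks_so_far());
    return 0;
}
```

The counter makes the cost visible: copying a six-byte string performs six checks, and the refused copy performs nine (eight in-bounds writes plus the one that fails). Real CCured additionally pays for the larger pointer representation in memory traffic, which is why the abstract lists memory references alongside dynamic instructions as an overhead to measure.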

Supporting Materials

My project poster and writeup.