This repository has been archived by the owner on Apr 11, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.bib
332 lines (292 loc) · 12 KB
/
main.bib
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
@inproceedings{haas2017bringing,
title={Bringing the web up to speed with WebAssembly},
author={Haas, Andreas and Rossberg, Andreas and Schuff, Derek L and Titzer, Ben L and Holman, Michael and Gohman, Dan and Wagner, Luke and Zakai, Alon and Bastien, JF},
booktitle={Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation},
pages={185--200},
year={2017}
}
@inproceedings{serebryany2012addresssanitizer,
title={AddressSanitizer: A fast address sanity checker},
author={Serebryany, Konstantin and Bruening, Derek and Potapenko, Alexander and Vyukov, Dmitriy},
booktitle={2012 USENIX annual technical conference (USENIX ATC 12)},
pages={309--318},
year={2012}
}
@techreport{Qualcomm2017PointerAuth,
title = {Pointer Authentication on ArmV8.3: Design and Analysis of the New Software Security Instructions},
author = {{Qualcomm Technologies, Inc.}},
year = {2017},
type = {{White Paper}},
note = {Accessed: 2023-12-14},
url = {https://www.qualcomm.com/content/dam/qcomm-martech/dm-assets/documents/pointer-auth-v7.pdf}
}
@techreport{ARM2019MTE,
title = {ArmV8.5-A Memory Tagging Extension},
author = {{ARM Ltd.}},
year = {2019},
type = {{White Paper}},
note = {Accessed: 2023-12-14},
url = {https://developer.arm.com/documentation/102925/latest/}
}
@techreport{ARMA2024Arch64,
title = {Arm Architecture Reference Manual for A-profile architecture},
author = {{ARM Ltd.}},
type = {{White Paper}},
note = {Accessed: 2024-03-21},
url = {https://developer.arm.com/documentation/ddi0487/latest/}
}
@inproceedings{lehmann2020everything,
title={Everything old is new again: Binary security of {WebAssembly}},
author={Lehmann, Daniel and Kinder, Johannes and Pradel, Michael},
booktitle={29th USENIX Security Symposium (USENIX Security 20)},
pages={217--234},
year={2020}
}
@MISC{CVE-2023-4863,
title = {{CVE}-2023-4863},
howpublished = "Available from NIST National Vulnerability Database, {CVE-ID} {CVE}-2023-4863.",
year = {2023},
url={https://nvd.nist.gov/vuln/detail/CVE-2023-4863},
urldate={2015-04-19}
}
@inproceedings{szekeres2013sok,
title={Sok: Eternal war in memory},
author={Szekeres, Laszlo and Payer, Mathias and Wei, Tao and Song, Dawn},
booktitle={2013 IEEE Symposium on Security and Privacy},
pages={48--62},
year={2013},
organization={IEEE}
}
@misc{chromium_memory_safety,
title = {Memory Safety},
url = {https://www.chromium.org/Home/chromium-security/memory-safety/},
urldate = {2024-03-14},
publisher = {The Chromium Project},
note = {Accessed on March 14, 2024}
}
@misc{mte_as_implemented,
title = {MTE as Implemented},
url = {https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-1.html},
urldate = {2023-08-02},
publisher = {Brand, Mark},
note = {Accessed on March 27, 2024}
}
@misc{microsoft_memory_safety,
title = {A proactive approach to more secure code},
url = {https://msrc.microsoft.com/blog/2019/07/a-proactive-approach-to-more-secure-code/},
urldate = {2019-07-16},
author = {Thomas, Gavin},
publisher = {MSRC, Microsoft},
note = {Accessed on March 14, 2024}
}
@misc{android_memory_safety,
title = {Queue the Hardening Enhancements},
url = {https://security.googleblog.com/2019/05/queue-hardening-enhancements.html},
author = {Vander Stoep, Jeff and Zhang, Chong},
urldate = {2019-05-09},
publisher = {Adnroid Security & Privacy Team},
note = {Accessed on March 14, 2024}
}
@article{serebryany2023gwp,
title={GWP-ASan: Sampling-Based Detection of Memory-Safety Bugs in Production},
author={Serebryany, Kostya and Kennelly, Chris and Phillips, Mitch and Denton, Matt and Elver, Marco and Potapenko, Alexander and Morehouse, Matt and Tsyrklevich, Vlad and Holler, Christian and Lettner, Julian and others},
journal={arXiv preprint arXiv:2311.09394},
year={2023}
}
@article{kocher2020spectre,
title={Spectre attacks: Exploiting speculative execution},
author={Kocher, Paul and Horn, Jann and Fogh, Anders and Genkin, Daniel and Gruss, Daniel and Haas, Werner and Hamburg, Mike and Lipp, Moritz and Mangard, Stefan and Prescher, Thomas and others},
journal={Communications of the ACM},
volume={63},
number={7},
pages={93--101},
year={2020},
publisher={ACM New York, NY, USA}
}
@inproceedings{lattner2004llvm,
title={LLVM: A compilation framework for lifelong program analysis \& transformation},
author={Lattner, Chris and Adve, Vikram},
booktitle={International symposium on code generation and optimization, 2004. CGO 2004.},
pages={75--86},
year={2004},
organization={IEEE}
}
@article{nethercote2007valgrind,
title={Valgrind: a framework for heavyweight dynamic binary instrumentation},
author={Nethercote, Nicholas and Seward, Julian},
journal={ACM Sigplan notices},
volume={42},
number={6},
pages={89--100},
year={2007},
publisher={ACM New York, NY, USA}
}
@article{serebryany2018memory,
title={Memory Tagging and how it improves C/C++ memory safety},
author={Serebryany, Kostya and Stepanov, Evgenii and Shlyapnikov, Aleksey and Tsyrklevich, Vlad and Vyukov, Dmitry},
journal={arXiv preprint arXiv:1802.09517},
year={2018}
}
@misc{polybenchc,
title = {Polybench: The polyhedral benchmark suite},
author = {Pouchet, Louis-Noel},
url = {https://web.cs.ucla.edu/~pouchet/software/polybench/},
note = {Accessed: 2024-03-25}
}
@article{woodruff2014cheri,
title={The CHERI capability model: Revisiting RISC in an age of risk},
author={Woodruff, Jonathan and Watson, Robert NM and Chisnall, David and Moore, Simon W and Anderson, Jonathan and Davis, Brooks and Laurie, Ben and Neumann, Peter G and Norton, Robert and Roe, Michael},
journal={ACM SIGARCH Computer Architecture News},
volume={42},
number={3},
pages={457--468},
year={2014},
publisher={ACM New York, NY, USA}
}
@thesis{rehde2023wasm,
author = {Rehde, Fritz},
title = {Hardware-Assisted Memory Safety for WebAssembly},
type = {bathesis},
institution = {Technical University of Munich},
date = {2023},
}
@article{michael2023mswasm,
title={Mswasm: Soundly enforcing memory-safe execution of unsafe code},
author={Michael, Alexandra E and Gollamudi, Anitha and Bosamiya, Jay and Johnson, Evan and Denlinger, Aidan and Disselkoen, Craig and Watt, Conrad and Parno, Bryan and Patrignani, Marco and Vassena, Marco and others},
journal={Proceedings of the ACM on Programming Languages},
volume={7},
number={POPL},
pages={425--454},
year={2023},
publisher={ACM New York, NY, USA}
}
@inproceedings{disselkoen2019position,
title={Position paper: Progressive memory safety for webassembly},
author={Disselkoen, Craig and Renner, John and Watt, Conrad and Garfinkel, Tal and Levy, Amit and Stefan, Deian},
booktitle={Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy},
pages={1--8},
year={2019}
}
@article{paraskevopoulou2024richwasm,
title={RichWasm: Bringing Safe, Fine-Grained, Shared-Memory Interoperability Down to WebAssembly},
author={Paraskevopoulou, Zoe and Fitzgibbons, Michael and Thalakottur, Michelle and Mushtak, Noble and Mazur, Jose Sulaiman and Ahmed, Amal},
journal={arXiv preprint arXiv:2401.08287},
year={2024}
}
@inproceedings{szewczyk2022leaps,
title={Leaps and bounds: Analyzing WebAssembly’s performance with a focus on bounds checking},
author={Szewczyk, Raven and Stonehouse, Kimberley and Barbalace, Antonio and Spink, Tom},
booktitle={2022 IEEE International Symposium on Workload Characterization (IISWC)},
pages={256--268},
year={2022},
organization={IEEE}
}
@inproceedings{musch2019new,
title={New Kid on the Web: A Study on the Prevalence of WebAssembly in the Wild},
author={Musch, Marius and Wressnegger, Christian and Johns, Martin and Rieck, Konrad},
booktitle={Detection of Intrusions and Malware, and Vulnerability Assessment: 16th International Conference, DIMVA 2019, Gothenburg, Sweden, June 19--20, 2019, Proceedings 16},
pages={23--42},
year={2019},
organization={Springer}
}
@misc{wasm_use_cases,
title = {WebAssembly Use Cases},
url = {https://webassembly.org/docs/use-cases/},
note = {Accessed on March 28, 2024}
}
@misc{scudo_allocator,
title = {Scudo Hardened Allocator},
url = {https://llvm.org/docs/ScudoHardenedAllocator.html},
note = {Accessed on March 28, 2024}
}
@misc{chrome_partition_alloc,
title = {Chromium PartitionAlloc},
url = {https://chromium.googlesource.com/chromium/src/+/master/base/allocator/partition_allocator/},
note = {Accessed on March 28, 2024}
}
@misc{glibc_ptmalloc,
title = {glibc ptmalloc},
url = {https://ftp.gnu.org/gnu/glibc/},
note = {Accessed on March 28, 2024}
}
@TechReport{UCAM-CL-TR-982,
author = {Watson, Robert N. M. and Barnes, Graeme and Clarke, Jessica
and Grisenthwaite, Richard and Sewell, Peter and Moore,
Simon W. and Woodruff, Jonathan},
title = {{Arm Morello Programme: Architectural security goals and
known limitations}},
year = 2023,
month = jul,
url = {https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-982.pdf},
institution = {University of Cambridge, Computer Laboratory},
doi = {10.48456/tr-982},
number = {UCAM-CL-TR-982}
}
@inproceedings{xia2019cherivoke,
title={Cherivoke: Characterising pointer revocation using cheri capabilities for temporal memory safety},
author={Xia, Hongyan and Woodruff, Jonathan and Ainsworth, Sam and Filardo, Nathaniel W and Roe, Michael and Richardson, Alexander and Rugg, Peter and Neumann, Peter G and Moore, Simon W and Watson, Robert NM and others},
booktitle={Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture},
pages={545--557},
year={2019}
}
@book{pierce2002types,
title={Types and programming languages},
author={Pierce, Benjamin C},
year={2002},
publisher={MIT press}
}
@article{plotkin1981structural,
title={A structural approach to operational semantics},
author={Plotkin, Gordon D},
year={1981},
publisher={Aarhus university}
}
@inproceedings{necula2002ccured,
title={CCured: Type-safe retrofitting of legacy code},
author={Necula, George C and McPeak, Scott and Weimer, Westley},
booktitle={Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages},
pages={128--139},
year={2002}
}
@inproceedings{jim2002cyclone,
title={Cyclone: a safe dialect of C.},
author={Jim, Trevor and Morrisett, J Gregory and Grossman, Dan and Hicks, Michael W and Cheney, James and Wang, Yanling},
booktitle={USENIX Annual Technical Conference, General Track},
pages={275--288},
year={2002}
}
@inproceedings{nagarakatte2009softbound,
title={SoftBound: Highly compatible and complete spatial memory safety for C},
author={Nagarakatte, Santosh and Zhao, Jianzhou and Martin, Milo MK and Zdancewic, Steve},
booktitle={Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation},
pages={245--258},
year={2009}
}
@inproceedings{akritidis2009baggy,
title={Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors.},
author={Akritidis, Periklis and Costa, Manuel and Castro, Miguel and Hand, Steven},
booktitle={USENIX Security Symposium},
volume={10},
pages={96},
year={2009}
}
@inproceedings{akritidis2010cling,
title={Cling: A memory allocator to mitigate dangling pointers},
author={Akritidis, Periklis and others},
booktitle={19th USENIX Security Symposium (USENIX Security 10)},
year={2010}
}
@article{watson_cheri_2020,
title = {{CHERI} {C}/{C}++ {Programming} {Guide}},
language = {en},
author = {Watson, Robert N M and Richardson, Alexander and Davis, Brooks and Baldwin, John and Chisnall, David and Clarke, Jessica and Filardo, Nathaniel and Moore, Simon W and Napierala, Edward and Sewell, Peter and Neumann, Peter G},
year = {2020},
month = {June},
}
@inproceedings{bozdougan2022safepm,
title={SafePM: A sanitizer for persistent memory},
author={Bozdo{\u{g}}an, Kartal Kaan and Stavrakakis, Dimitrios and Issa, Shady and Bhatotia, Pramod},
booktitle={Proceedings of the Seventeenth European Conference on Computer Systems},
pages={506--524},
year={2022}
}