Papers
Topics
Authors
Recent
Search
2000 character limit reached

StarMalloc: A Formally Verified, Concurrent, Performant, and Security-Oriented Memory Allocator

Published 14 Mar 2024 in cs.PL and cs.CR | (2403.09435v1)

Abstract: In this work, we present StarMalloc, a verified, security-oriented, concurrent memory allocator that can be used as a drop-in replacement in real-world projects. Using the Steel separation logic framework, we show how to specify and verify StarMalloc, relying on dependent types and modular abstractions to enable efficient verification. As part of StarMalloc, we also develop several generic datastructures and proof libraries directly reusable in future systems verification projects. We finally show that StarMalloc can be used with real-world projects, including the Firefox browser, and evaluate it against 10 state-of-the-art memory allocators, demonstrating its competitiveness.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (94)
  1. Periklis Akritidis. 2010. Cling: A Memory Allocator to Mitigate Dangling Pointers.. In Proceedings of the USENIX Security Symposium.
  2. The Last Mile: High-Assurance and High-Speed Cryptographic Implementations. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).
  3. Andrew W. Appel. 2011. Verified Software Toolchain. In Proceedings of the European Conference on Programming Languages and Systems (ESOP).
  4. Andrew W. Appel. 2015. Verification of a Cryptographic Primitive: SHA-256. In ACM Transactions on Programming Languages and Systems (TOPLAS).
  5. Andrew W Appel and David A Naumann. 2020. Verified sequential malloc/free. In Proceedings of the International Symposium on Memory Management (ISMM).
  6. Apple Security Research. 2022. Towards the next generation of XNU memory safety: kalloc_type. https://security.apple.com/blog/towards-the-next-generation-of-xnu-memory-safety/.
  7. Formal Verification of a Constant-Time Preserving C Compiler. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL).
  8. Emery D. Berger. 2012. Software Needs Seatbelts and Airbags: Finding and Fixing Bugs in Deployed Software is Difficult and Time-Consuming. Here Are Some Alternatives. Commun. ACM (2012).
  9. Emery D. Berger and Benjamin G. Zorn. 2006. DieHard: Probabilistic Memory Safety for Unsafe Languages. In Proceedings of the Conference on Programming Language Design and Implementation (PLDI).
  10. Edwin Brady. 2013. Idris, a general-purpose dependently typed programming language: Design and implementation. Journal of Functional Programming 23 (9 2013), 552–593. Issue 05.
  11. Picking a CHERI Allocator: Security and Performance Considerations. In Proceedings of the International Symposium on Memory Management (ISMM).
  12. Stephen Brookes. 2007. A Semantics for Concurrent Separation Logic. In Theoretical Computer Science (TCS).
  13. The Chromium Project. 2020. Memory Safety. https://www.chromium.org/Home/chromium-security/memory-safety/.
  14. Leonardo de Moura and Nikolaj Bjørner. 2008. Z3: An efficient SMT solver. In Proceedings of the Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS).
  15. Damien Doligez and Georges Gonthier. 1994. Portable, unobtrusive garbage collection for multiprocessor systems. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL).
  16. Damien Doligez and Xavier Leroy. 1993. A concurrent, generational garbage collector for a multithreaded implementation of ML. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL).
  17. A Metaprogramming Framework for Formal Verification. In Proceedings of the International Conference on Functional Programming (ICFP).
  18. Simple High-Level Code for Cryptographic Arithmetic - With Proofs, Without Compromises. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).
  19. Jason Evans. 2006. A scalable concurrent malloc (3) implementation for FreeBSD. In BSDCan — The Technical BSD Conference.
  20. Formal modelling of list based dynamic memory allocators. Science China Information Sciences 61 (2018), 1–16.
  21. Rich Felker. 2020. Comparison between hardened_malloc and musl mallocs. https://www.openwall.com/lists/musl/2020/05/13/1.
  22. Steel: Proof-Oriented Programming in a Dependently Typed Concurrent Separation Logic. In Proceedings of the International Conference on Functional Programming (ICFP).
  23. GitHub Team. 2023. The top programming languages. https://octoverse.github.com/2022/top-programming-languages
  24. glibc. 2017a. Bug 22343 (CVE-2018-6485) - Integer overflow in posix_memalign (CVE-2018-6485). https://sourceware.org/bugzilla/show_bug.cgi?id=22343.
  25. glibc. 2017b. Bug 22375 (CVE-2017-17426) - malloc returns pointer from tcache_get when should return NULL (CVE-2017-17426). https://sourceware.org/bugzilla/show_bug.cgi?id=22375.
  26. glibc. 2020. Bug 26306 - Confusion in malloc.c about the fastbins size check. https://sourceware.org/bugzilla/show_bug.cgi?id=26306.
  27. GrapheneOS Development Team. 2021. hardened_malloc – GrapheneOS’s hardened memory allocator. https://github.com/GrapheneOS/hardened_malloc/blob/main/README.md#security-properties.
  28. CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI).
  29. Noise*: A library of verified high-performance secure channel protocol implementations. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).
  30. Mike Hommey. 2012. Hooking the memory allocator in Firefox. https://glandium.org/blog/?p=2848.
  31. Samin S. Ishtiaq and Peter W. O’Hearn. 2001. BI as an Assertion Language for Mutable Data Structures. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL).
  32. ISO. 1999. ISO/IEC 9899:1999 C standard. https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf.
  33. ISO. 2011. ISO/IEC 9899:2011 C standard. https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf.
  34. JetStream2. 2022. JetStream 2.1 In-Depth Analysis. https://browserbench.org/JetStream/in-depth.html.
  35. A Formally Verified Buddy Memory Allocation Model. In Proceedings of the International Conference on Engineering of Complex Computer Systems (ICECCS).
  36. Cliff B. Jones. 1983. Tentative steps toward a development method for interfering programs. In ACM Transactions on Programming Languages and Systems (TOPLAS).
  37. Iris from the ground up: A modular foundation for higher-order concurrent separation logic. Journal of Functional Programming 28 (2018).
  38. Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL).
  39. Brian W Kernighan and Dennis M Ritchie. 1988. The C programming language. (1988).
  40. Formally verified software in the real world. Commun. ACM 61, 10 (2018), 68–77.
  41. seL4: Formal Verification of an OS Kernel. In Proceedings of the ACM Symposium on Operating Systems Principles (SOSP).
  42. The Essence of Higher-Order Concurrent Separation Logic. In Proceedings of the European Conference on Programming Languages and Systems (ESOP).
  43. CakeML: A Verified Implementation of ML. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL).
  44. mimalloc-bench – Suite for benchmarking malloc implementation. https://github.com/daanx/mimalloc-bench.
  45. Mimalloc: Free list sharding in action. In Proceedings of the Asian Conference on Programming Languages and Systems (ASPLAS).
  46. K. Rustan M. Leino. 2010. Dafny: An Automatic Program Verifier for Functional Correctness. In Proceedings of the Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR).
  47. Xavier Leroy. 2006. Formal certification of a compiler back-end, or: programming a compiler with a proof assistant. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL).
  48. Snmalloc: A Message Passing Allocator. In Proceedings of the 2019 ACM SIGPLAN International Symposium on Memory Management (Phoenix, AZ, USA) (ISMM 2019). Association for Computing Machinery, New York, NY, USA, 122–135. https://doi.org/10.1145/3315573.3329980
  49. Slimguard: A secure and memory-efficient heap allocator. In Proceedings of the ACM/IFIP/USENIX International Middleware Conference.
  50. LLVM Project. 2023. Scudo Hardened Allocator. https://llvm.org/docs/ScudoHardenedAllocator.html.
  51. Formal verification of a memory allocation module of Contiki with Frama-C: a case study. In Proceedings of the International Conference on Risks and Security of Internet and Systems (CRiSIS).
  52. Formal Verification of the Heap Manager of an Operating System using Separation Logic. In Proceedings of the International Conference on Formal Engineering Methods (ICFEM).
  53. Meta-F*: Proof Automation with SMT, Tactics, and Metaprograms. In Proceedings of the European Conference on Programming Languages and Systems (ESOP).
  54. MSRC Team. 2021. BadAlloc – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks. https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/.
  55. The MSRC Team. 2019. A Proactive Approach to More Secure Code. https://msrc.microsoft.com/blog/2019/07/a-proactive-approach-to-more-secure-code/.
  56. MySQL. 2019. Bug #94647 - Memory leak in MEMORY table by glibc. https://bugs.mysql.com/bug.php?id=94647.
  57. National Vulnerability Database. 2016. Use-after-free vulnerability in bzip2. CVE-2016-3189 https://nvd.nist.gov/vuln/detail/CVE-2016-3189.
  58. National Vulnerability Database. 2023a. OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136.
  59. National Vulnerability Database. 2023b. A use after free vulnerability exists in curl ¡v8.1.0. CVE-2023-28319 https://nvd.nist.gov/vuln/detail/CVE-2023-28319.
  60. Isabelle/HOL: a proof assistant for higher-order logic. Vol. 2283. Springer Science & Business Media.
  61. Gene Novark and Emery D Berger. 2010. DieHarder: securing the heap. In Proceedings of the ACM Conference on Computer and Communications Security (CCS).
  62. Peter W. O’Hearn. 2007. Resources, Concurrency, and Local Reasoning. In Theoretical Computer Science (TCS).
  63. Local Reasoning about Programs That Alter Data Structures. In Proceedings of the International Workshop on Computer Science Logic (CSL).
  64. For a microkernel, a big lock is fine. In Proceedings of the Asia-Pacific Workshop on Systems (APSys).
  65. HACLxN: Verified Generic SIMD Crypto (for All Your Favourite Platforms). In Proceedings of the ACM Conference on Computer and Communications Security (CCS).
  66. Red Hat Customer Portal. 2013. CVE-2013-4332. https://access.redhat.com/security/cve/cve-2013-4332.
  67. EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).
  68. Verified Low-Level Programming Embedded in F*. In Proceedings of the International Conference on Functional Programming (ICFP).
  69. EverParse: Verified Secure Zero-Copy Parsers for Authenticated Message Formats.. In Proceedings of the USENIX Security Symposium.
  70. Programming and Proving with Indexed Effects. Technical Report. https://www.fstar-lang.org/papers/indexedeffects/.
  71. John Reynolds. 2002. Separation Logic: A Logic for Shared Mutable Data Structures. In Proceedings of the IEEE Symposium on Logic in Computer Science (LICS).
  72. Chris Rohlf. 2020. Isolation Alloc. https://struct.github.io/iso_alloc.html.
  73. A Formally Verified Heap Allocator. Electrical Engineering and Computer Science - Technical Reports (2018). https://surface.syr.edu/eecs_techreports/182.
  74. RefinedC: Automating the Foundational Verification of C Code with Refined Ownership Types. In Proceedings of the Conference on Programming Language Design and Implementation (PLDI).
  75. A verified generational garbage collector for CakeML. Journal of Automated Reasoning 63 (2019), 463–488.
  76. Thibaut Sautereau. 2021. Undefined behavior in get_large_size_class(). https://github.com/GrapheneOS/hardened_malloc/issues/133.
  77. FreeGuard: A Faster Secure Heap Allocator. In Proceedings of the ACM Conference on Computer and Communications Security (CCS).
  78. Dependent Types and Multi-Monadic Effects in F*. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL).
  79. Hardening attack surfaces with formally proven binary format parsers. In Proceedings of the Conference on Programming Language Design and Implementation (PLDI).
  80. SteelCore: An Extensible Concurrent Separation Logic for Effectful Dependently Typed Programs. In Proceedings of the International Conference on Functional Programming (ICFP).
  81. SoK: Eternal War in Memory. In Proceedings of the IEEE Symposium on Security and Privacy (S&P).
  82. The Shellphish Team. 2023. Educational Heap Exploitation. https://github.com/shellphish/how2heap.
  83. Theftguy. 2020. Major Bug in glibc is Killing Applications With a Memory Limit. https://thehftguy.com/2020/05/21/major-bug-in-glibc-is-killing-applications-with-a-memory-limit/.
  84. Types, Bytes, and Separation Logic. In Proceedings of the ACM Symposium on Principles of Programming Languages (POPL).
  85. Type-After-Type: Practical and Complete Type-Safe Memory Reuse. In Proceedings of the Annual Computer Security Applications Conference (ACSAC).
  86. An introduction to CHERI. Technical Report. University of Cambridge, Computer Laboratory.
  87. Explicit stabilisation for modular rely-guarantee reasoning. In Proceedings of the European Conference on Programming Languages and Systems (ESOP).
  88. Preventing Use-After-Free Attacks with Fast Forward Allocation. In Proceedings of the USENIX Security Symposium.
  89. Dynamic storage allocation: A survey and critical review. In Proceedings of the International Workshop on Memory Management (IWMM).
  90. PUMM: Preventing Use-After-Free Using Execution Unit Partitioning. In Proceedings of the USENIX Security Symposium.
  91. Verified Correctness and Security of mbedTLS HMAC-DRBG. In Proceedings of the ACM Conference on Computer and Communications Security (CCS).
  92. Building certified libraries for PCC: Dynamic storage allocation. In Proceedings of the European Conference on Programming Languages and Systems (ESOP).
  93. HardsHeap: a universal and extensible framework for evaluating secure allocators. In Proceedings of the ACM Conference on Computer and Communications Security (CCS).
  94. A verified specification of TLSF memory management allocator using state monads. In Proceedings of the International Symposium on Dependable Software Engineering: Theories, Tools, and Applications (SETTA).

Summary

No one has generated a summary of this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Summarize

Paper to Video (Beta)

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up

Tweets

Sign up for free to view the 2 tweets with 2 likes about this paper.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up for Free