Overview

Explore a 21-minute conference talk from USENIX WOOT '24 that challenges the conventional wisdom about store-only bounds checking in C/C++ memory safety. Discover how researchers from DistriNet at KU Leuven demonstrate that omitting pointer validity checks on memory loads reduces performance overhead but can open significant security holes. Learn how invalid reads can be exploited to bypass store-only validity checks, with empirical evidence from a SoftBound implementation and an analysis of 1,000 popular C/C++ repositories. Gain insights into potential defensive measures and modifications that could help complete (load-and-store) bounds checkers keep overhead low without severely compromising security.

Syllabus
WOOT '24 - Not Quite Write: On the Effectiveness of Store-Only Bounds Checking
Taught by
USENIX