
Practical Memory Safety with Random Embedded Secret Tokens [pdf] - ingve
http://www.cs.columbia.edu/~simha/preprint_isca18_REST_memory_safety.pdf
======
kazinator
This approach will trip on a conservative garbage collector scan of memory
that looks for root pointers. If you have precisely traced heap objects and
conservative stack scan, and this is only used on the heap, things are cool.

It will blow when a core dump is being saved of the process, because that just
walks memory maps, dumping them without regard for trampling on the tripwires.

If you have a struct that contains multiple arrays that are fenced off from each
other with tripwires, you can't memcpy it or assign.

------
amluto
One downside is that any attacker who can learn the secret token can easily
DoS even a completely non-buggy victim process or kernel. Given Spectre-style
attacks, leaking a token doesn’t seem so farfetched.

------
delinka
Where REST is "Random Embedded Secret Tokens" - I was intrigued how RESTful
APIs over HTTP were going to serve the title's purpose.

~~~
dang
Thanks - this is one acronym we'd better inline.

