

Practical memory safety for C (2011) [pdf] - _pdp_
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-798.pdf

======
nickpsecurity
I didn't have this one and it covers a lot of ground. Thanks for the
submission.

~~~
kjs3
I wouldn't mind seeing other ones you have on the subject.

~~~
nickpsecurity
Unfortunately, I think I lost a bunch of those. Too much stuff to track. I did
dig up these I found over past year or so.

Complete translation of unsafe native code to safe bytecode 2004 Alliet and
Megacz
[http://www.megacz.com/research/papers/nestedvm.ivme04.pdf](http://www.megacz.com/research/papers/nestedvm.ivme04.pdf)

The memory pool system - thirty person-years of memory management development
goes open source Brooksby and Barnes
[http://www.ravenbrook.com/project/mps/doc/2002-01-30/ismm200...](http://www.ravenbrook.com/project/mps/doc/2002-01-30/ismm2002-paper/ismm2002-a4.pdf)

Cyclone Programming Language
[https://en.wikipedia.org/wiki/Cyclone_%28programming_languag...](https://en.wikipedia.org/wiki/Cyclone_%28programming_language%29)

CCured - type-safe retrofitting of legacy code
[http://www.cs.berkeley.edu/~necula/Papers/ccured_popl02.pdf](http://www.cs.berkeley.edu/~necula/Papers/ccured_popl02.pdf)

SoftBound - highly compatible and complete spatial memory safety for C
[http://www.cis.upenn.edu/acg/papers/pldi09_softbound.pdf](http://www.cis.upenn.edu/acg/papers/pldi09_softbound.pdf)

Watchdog - hardware for safe and secure manual memory management & full mem
safety
[http://www.cs.rutgers.edu/~santosh.nagarakatte/papers/isca12...](http://www.cs.rutgers.edu/~santosh.nagarakatte/papers/isca12_watchdog.pdf)

SAFEcode - enforcing alias analysis for weakly typed languages
[http://llvm.org/pubs/2006-05-12-PLDI-SAFECode.pdf](http://llvm.org/pubs/2006-05-12-PLDI-SAFECode.pdf)

Architectural support for a memory-safe C abstract machine
[http://www.cl.cam.ac.uk/~dc552/papers/asplos15-memory-safe-c...](http://www.cl.cam.ac.uk/~dc552/papers/asplos15-memory-safe-c.pdf)

Those are the ones C focused. Much of my collection is about non-C languages
given it's inherently hard to protect or prove correct. Most good finds over
past year or so are hardware enhancement to improve safety/security. Also, the
SCOOP memory model & associated research papers (Google them) are smashing
concurrency problems to pieces. Worth porting over to C if possible. Then
SVA-OS for hardware interface. CompCert modifications for compiler. Maybe some
linker work. Big picture mostly done at that point. :)

~~~
kjs3
I appreciate you digging those up. Thanks.

~~~
nickpsecurity
You're welcome. :)

