{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T22:19:21Z","timestamp":1757542761503},"reference-count":58,"publisher":"Oxford University Press (OUP)","issue":"2","license":[{"start":{"date-parts":[[2024,3,16]],"date-time":"2024-03-16T00:00:00Z","timestamp":1710547200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/pages\/standard-publication-reuse-rights"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,3,25]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Software vulnerabilities are the root cause for a multitude of security problems in computer systems. Owing to their efficiency and tight control over low-level system resources, the C and C++ programming languages are extensively used for a myriad of purposes, from implementing operating system kernels to user-space applications. However, insufficient or improper memory management frequently leads to invalid memory accesses, eventually resulting in memory corruption vulnerabilities. These vulnerabilities are used as a foothold for elaborated attacks that bypass existing defense methods. In this paper, we summarise the main memory safety violation types (i.e. memory errors), and analyse how they are exploited by attackers and the main mitigation methods proposed in the research community. We further systematise the most relevant techniques with regards to memory corruption identification in current programs.<\/jats:p>","DOI":"10.1093\/jigpal\/jzae008","type":"journal-article","created":{"date-parts":[[2024,3,16]],"date-time":"2024-03-16T21:56:31Z","timestamp":1710626191000},"page":"281-292","source":"Crossref","is-referenced-by-count":1,"title":["Detection, exploitation and mitigation of memory errors"],"prefix":"10.1093","volume":"32","author":[{"given":"Oscar","family":"Llorente-Vazquez","sequence":"first","affiliation":[{"name":"Faculty of Engineering, University of Deusto , 48007 Bilbao, Spain, ollorente@opendeusto.es"}]},{"given":"Igor","family":"Santos-Grueiro","sequence":"additional","affiliation":[{"name":"Faculty of Engineering, Mondragon Unibertsitatea , 20500 Arrasate-Mondragon, Spain; HP Labs, BS34 8QZ Bristol, UK, isantos@mondragon.edu ; igor.santos.grueiro@hp.com"}]},{"given":"Iker","family":"Pastor-Lopez","sequence":"additional","affiliation":[{"name":"Faculty of Engineering, University of Deusto , 48007 Bilbao, Spain, iker.pastor@deusto.es"}]},{"given":"Pablo","family":"Garcia Bringas","sequence":"additional","affiliation":[{"name":"Faculty of Engineering, University of Deusto , 48007 Bilbao, Spain, pablo.garcia.bringas@deusto.es"}]}],"member":"286","published-online":{"date-parts":[[2024,3,16]]},"reference":[{"key":"2024071717523681600_ref1","article-title":"Baggy bounds checking: an efficient and backwards-compatible defense against out-of-bounds errors","author":"Akritidis","year":"2009","journal-title":"USENIX Security Symposium"},{"key":"2024071717523681600_ref2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3182657","article-title":"A survey of symbolic execution techniques","volume":"51","author":"Baldoni","year":"2018","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"2024071717523681600_ref3","article-title":"Jump-oriented programming: a new class of code-reuse attack","author":"Bletsch","year":"2011","journal-title":"ACM Symposium on Information, Computer and Communications Security"},{"key":"2024071717523681600_ref4","article-title":"Practical memory checking with dr. memory","author":"Bruening","year":"2011","journal-title":"International Symposium on Code Generation and Optimization (CGO)"},{"key":"2024071717523681600_ref5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3054924","article-title":"Control-flow integrity: precision, security, and performance","volume":"50","author":"Burow","year":"2017","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"2024071717523681600_ref6","article-title":"Detecting concurrency memory corruption vulnerabilities","author":"Cai","year":"2019","journal-title":"ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE)"},{"key":"2024071717523681600_ref7","article-title":"Securing software by enforcing data-flow integrity","author":"Castro","year":"2006","journal-title":"USENIX Symposium on Operating Systems Design and Implementation (OSDI)"},{"key":"2024071717523681600_ref8","article-title":"MUZZ: thread-aware grey-box fuzzing for effective bug hunting in multithreaded Programs","author":"Chen","year":"2020","journal-title":"USENIX Security Symposium"},{"key":"2024071717523681600_ref9","article-title":"Non-control-data attacks are realistic threats","author":"Chen","year":"2005","journal-title":"USENIX Security Symposium"},{"key":"2024071717523681600_ref10","doi-asserted-by":"crossref","DOI":"10.1109\/EuroSP.2017.17","article-title":"Codearmor: virtualizing the code space to counter disclosure attacks","author":"Chen","year":"2017","journal-title":"IEEE European Symposium on Security and Privacy (EuroS&P)"},{"key":"2024071717523681600_ref11","article-title":"Clang static analyzer"},{"key":"2024071717523681600_ref12","article-title":"Teerex: discovery and exploitation of memory corruption vulnerabilities in sgx enclaves","author":"Cloosters","year":"2020","journal-title":"USENIX Security Symposium"},{"key":"2024071717523681600_ref13","article-title":"Cwe\u20142021 cwe top 25 most dangerous software weaknesses"},{"key":"2024071717523681600_ref14","article-title":"Return-to-libc attack","author":"Solar Designer","year":"1997","journal-title":"Bugtraq"},{"key":"2024071717523681600_ref15","article-title":"Retrowrite: statically instrumenting cots binaries for fuzzing and sanitization","author":"Dinesh","year":"2020","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"2024071717523681600_ref16","doi-asserted-by":"crossref","DOI":"10.1145\/3192366.3192388","article-title":"Effectivesan: type and memory error detection using dynamically typed c\/c++","author":"Duck","year":"2018","journal-title":"ACM SIGPLAN Conference on Programming Language Design and Implementation"},{"key":"2024071717523681600_ref17","doi-asserted-by":"crossref","DOI":"10.1109\/EuroSP.2018.00024","article-title":"Position-independent code reuse: on the effectiveness of aslr in the absence of information disclosure","author":"G\u00f6ktas","year":"2018","journal-title":"IEEE European Symposium on Security and Privacy (EuroS&P)"},{"key":"2024071717523681600_ref18","article-title":"Typesan: practical type confusion detection","author":"Haller","year":"2016","journal-title":"ACM SIGSAC Conference on Computer and Communications Security"},{"key":"2024071717523681600_ref19","article-title":"Automatic generation of data-oriented exploits","author":"Hong","year":"2015","journal-title":"USENIX Security Symposium"},{"key":"2024071717523681600_ref20","article-title":"Data-oriented programming: on the expressiveness of non-control data attacks","author":"Hu","year":"2016","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"2024071717523681600_ref21","article-title":"Block oriented programming: automating data-only attacks","author":"Ispoglou","year":"2018","journal-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS)"},{"key":"2024071717523681600_ref22","article-title":"Hextype: efficient detection of type confusion errors for c++","author":"Jeon","year":"2017","journal-title":"ACM SIGSAC Conference on Computer and Communications Security"},{"key":"2024071717523681600_ref23","article-title":"Towards efficient heap overflow discovery","author":"Jia","year":"2017","journal-title":"USENIX Security Symposium"},{"key":"2024071717523681600_ref24","article-title":"Evaluating fuzz testing","author":"Klees","year":"2018","journal-title":"ACM SIGSAC Conference on Computer and Communications Security"},{"key":"2024071717523681600_ref25","article-title":"Cbmc\u2013c bounded model checker","author":"Kroening","year":"2014","journal-title":"Conference on Tools and Algorithms for the Construction and Analysis of Systems"},{"key":"2024071717523681600_ref26","article-title":"Code-pointer integrity","author":"Kuznetzov","year":"2018","journal-title":"USENIX Security Symposium"},{"key":"2024071717523681600_ref27","article-title":"Sok: automated software diversity","author":"Larsen","year":"2014","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"2024071717523681600_ref28","article-title":"$\\{PAC\\}$ it up: towards pointer integrity using $\\{ARM\\}$ pointer authentication","author":"Liljestrand","year":"2019","journal-title":"USENIX Security Symposium"},{"key":"2024071717523681600_ref29","article-title":"A heuristic framework to detect concurrency vulnerabilities","author":"Liu","year":"2018","journal-title":"Annual Computer Security Applications Conference (ACSAC)"},{"key":"2024071717523681600_ref30","article-title":"Aslr-guard: stopping address space leakage for code reuse attacks","author":"Lu","year":"2015","journal-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS)"},{"key":"2024071717523681600_ref31","article-title":"DR.CHECKER: a soundy analysis for linux kernel drivers","author":"Machiry","year":"2017","journal-title":"USENIX Security Symposium"},{"key":"2024071717523681600_ref32","article-title":"The art, science, and engineering of fuzzing: a survey","author":"Man\u00e8s","year":"2019","journal-title":"IEEE Transactions on Software Engineering"},{"key":"2024071717523681600_ref33","doi-asserted-by":"crossref","DOI":"10.1145\/1542476.1542504","article-title":"Softbound: highly compatible and complete spatial memory safety for c","author":"Nagarakatte","year":"2009","journal-title":"ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)"},{"key":"2024071717523681600_ref34","doi-asserted-by":"crossref","DOI":"10.1145\/1806651.1806657","article-title":"Cets: compiler enforced temporal safety for c","author":"Nagarakatte","year":"2010","journal-title":"International Symposium on Memory Management"},{"key":"2024071717523681600_ref35","doi-asserted-by":"crossref","first-page":"89","DOI":"10.1145\/1273442.1250746","article-title":"Valgrind: a framework for heavyweight dynamic binary instrumentation","volume":"42","author":"Nethercote","year":"2007","journal-title":"ACM Sigplan Notices"},{"key":"2024071717523681600_ref36","article-title":"Parmesan: sanitizer-guided greybox fuzzing","author":"\u00d6sterlund","year":"2020","journal-title":"USENIX Security Symposium"},{"key":"2024071717523681600_ref37","doi-asserted-by":"crossref","DOI":"10.1145\/1357010.1352618","article-title":"Documenting and automating collateral evolutions in linux device drivers","author":"Padioleau","year":"2008","journal-title":"ACM Operating Systems Review"},{"key":"2024071717523681600_ref38","article-title":"Fine-grained control-flow integrity through binary hardening","author":"Payer","year":"2015","journal-title":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)"},{"key":"2024071717523681600_ref39","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2133375.2133377","article-title":"Return-oriented programming: systems, languages, and applications","volume":"15","author":"Roemer","year":"2012","journal-title":"ACM Transactions on Information and System Security (TISSEC)"},{"key":"2024071717523681600_ref40","article-title":"Counterfeit object-oriented programming: on the difficulty of preventing code reuse attacks in c++ applications","author":"Schuster","year":"2015","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"2024071717523681600_ref41","article-title":"Adapting software fault isolation to contemporary cpu architectures","author":"Sehr","year":"2010","journal-title":"USENIX Security Symposium"},{"key":"2024071717523681600_ref42","article-title":"Addresssanitizer: a fast address sanity checker","author":"Serebryany","year":"2012","journal-title":"USENIX Annual Technical Conference"},{"key":"2024071717523681600_ref43","article-title":"Using valgrind to detect undefined value errors with bit-precision","author":"Seward","year":"2005","journal-title":"USENIX Annual Technical Conference"},{"key":"2024071717523681600_ref44","article-title":"The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)","author":"Shacham","year":"2007","journal-title":"ACM Conference on Computer and Communications Security"},{"key":"2024071717523681600_ref45","article-title":"On the effectiveness of address-space randomization","author":"Shacham","year":"2004","journal-title":"ACM Conference on Computer and Communications Security (CCS)"},{"key":"2024071717523681600_ref46","article-title":"Sok:(state of) the art of war: offensive techniques in binary analysis","author":"Shoshitaishvili","year":"2016","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"2024071717523681600_ref47","article-title":"Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization","author":"Snow","year":"2013","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"2024071717523681600_ref48","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2016.23218","article-title":"Enforcing kernel security invariants with data flow integrity","author":"Song","year":"2016","journal-title":"Annual Network and Distributed System Security Symposium (NDSS)"},{"key":"2024071717523681600_ref49","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2019.23176","article-title":"Periscope: an effective probing and fuzzing framework for the hardware-os boundary","author":"Song","year":"2019","journal-title":"Annual Network and Distributed System Security Symposium (NDSS)"},{"key":"2024071717523681600_ref50","article-title":"Sok: sanitizing for security","author":"Song","year":"2019","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"2024071717523681600_ref51","article-title":"Sok: eternal war in memory","author":"Szekeres","year":"2013","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"2024071717523681600_ref52","article-title":"Undefinedbehaviorsanitizer"},{"key":"2024071717523681600_ref53","article-title":"The dynamics of innocent flesh on the bone: code reuse ten years later","author":"Van der Veen","year":"2017","journal-title":"ACM SIGSAC Conference on Computer and Communications Security"},{"key":"2024071717523681600_ref54","article-title":"Memory errors: the past, the present, and the future","author":"Van der Veen","year":"2012","journal-title":"International Conference on Recent Advances in Intrusion Detection (RAID)"},{"key":"2024071717523681600_ref55","article-title":"A tough call: mitigating advanced code-reuse attacks at the binary level","author":"Van Der Veen","year":"2016","journal-title":"IEEE Symposium on Security and Privacy"},{"key":"2024071717523681600_ref56","article-title":"Typestate-guided fuzzer for discovering use-after-free vulnerabilities","author":"Wang","year":"2020","journal-title":"IEEE\/ACM International Conference on Software Engineering (ICSE)"},{"key":"2024071717523681600_ref57","article-title":"Spatio-temporal context reduction: a pointer-analysis-based static approach for detecting use-after-free vulnerabilities","author":"Yan","year":"2018","journal-title":"IEEE\/ACM International Conference on Software Engineering (ICSE)"},{"key":"2024071717523681600_ref58","article-title":"Armlock: hardware-based fault isolation for arm","author":"Zhou","year":"2014","journal-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS)"}],"container-title":["Logic Journal of the IGPL"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/jigpal\/article-pdf\/32\/2\/281\/58499052\/jzae008.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/jigpal\/article-pdf\/32\/2\/281\/58499052\/jzae008.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,17]],"date-time":"2024-07-17T17:53:10Z","timestamp":1721238790000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/jigpal\/article\/32\/2\/281\/7627776"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,16]]},"references-count":58,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2024,3,16]]},"published-print":{"date-parts":[[2024,3,25]]}},"URL":"https:\/\/doi.org\/10.1093\/jigpal\/jzae008","relation":{},"ISSN":["1367-0751","1368-9894"],"issn-type":[{"value":"1367-0751","type":"print"},{"value":"1368-9894","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2024,4]]},"published":{"date-parts":[[2024,3,16]]}}}