BLOG Memory Safety: A Key to Robust Cybersecurity Strategies?
David Schmid

The US National Cybersecurity Strategy highlights the critical importance of addressing memory safety vulnerabilities, which constitute up to 70% of all security flaws in software developed using traditional, unsafe languages. Therefore, the strategy underscores the shift towards memory-safe programming languages, such as Rust and Go, offering robust protection against a spectrum of memory-related vulnerabilities. This shift is a step in improving cybersecurity, moving beyond mere defense against existing threats to proactively preventing a broad spectrum of vulnerabilities by design. Simultaneously C and C++ remain far from obsolete which underscores the importance of a nuanced approach to adopting these languages. A main critique on the strategy remains its disproportionate emphasis on the volume of CVEs.

Main Image Blog Article Memory Safety

Table of Contents

The Impact of Memory Safety Vulnerabilities

The White House's report "Back to the Building Blocks: A Path Toward Secure and Measurable Software" published in February 2024, aligns with Biden's National Security Strategy and highlights the need to address memory safety vulnerabilities through the adoption of memory-safe programming languages. In instances where such adoption may not be feasible, for example within space systems, it suggests alternative methodologies, including memory-safe hardware and formal methods as complementary approaches.

Memory safety vulnerabilities encompass a broad category of issues related to improper memory access, allocation and deallocation. These flaws pave the way for malicious actors to exploit software, potentially leading to unauthorized access to sensitive information, execution of malicious code and other detrimental impacts. Historical data from Microsoft underscores the gravity of the situation , with approximately 70% of software vulnerabilities originating from memory safety issues.

The prevalence of languages such as C and C++, while powerful and flexible, often lack inherent memory safety features, making them susceptible to these vulnerabilities. The Cybersecurity and Infrastructure Security Agency’s (CISA) Open-Source Software Security Roadmap further highlights the strategic advantage of adopting memory-safe programming languages from the inception of software development projects, promoting a secure-by design philosophy.

In alignment with this strategic direction, the NSA released the Software Memory Safety Cybersecurity Information Sheet in November 2022. This guidance endorses memory-safe languages such as C#, Go, Java, Ruby, Rust and Swift, which inherently protect against common memory management errors. The document further discusses the integration of static and dynamic application security testing (SAST and DAST) to identify memory use issues in software and other anti-exploitation features.

The Ongoing Relevance of C and C++

While often criticized for memory management vulnerabilities, C and C++ remain far from obsolete. It is worth noting that these languages have introduced practices and tools that significantly mitigate memory safety issues. For instance, in C++ the RAII (Resource Acquisition Is Initialization) principle ensures that resources such as memory and file handles are automatically managed and released by objects, reducing the likelihood of leaks and undefined behavior. Moreover, the Standard Template Library (STL) provides dynamic data structures like vectors and strings that manage their own memory, offering safer alternatives to raw pointers and arrays.

Tools like Valgrind for dynamic analysis, static analyzers, and sanitizers have become crucial in detecting and mitigating memory issues in C programs, enhancing their security without compromising their performance advantages.

In the end it is important to consider the context in which these languages are used. For domains where absolute control over memory and hardware is a necessity, the so-called drawbacks of C and C++ become an advantage. Factors such as execution speed, control over hardware, and the vast ecosystems of libraries and frameworks ensure they maintain their relevance.

Critique of the ONCD Report: A Focus on Quantity Over Quality

A significant criticism of the ONCD report, as highlighted in a detailed analysis by Hackaday, is its disproportionate emphasis on the volume of Common Vulnerabilities and Exposures (CVEs) rather than their impact or severity. This critique argues that the most detrimental CVEs frequently arise from problems not directly related to memory safety, such as insufficient input validation and logical mistakes. Notable instances of such vulnerabilities include the widespread Log4j input validation issue and several vulnerabilities within Microsoft Exchange Server, classified under different Common Weakness Enumerations (CWEs). This perspective suggests that the ONCD report may not fully acknowledge the complexity and critical nature of the threats present in the cybersecurity landscape, as evidenced by CISA's statistics on actively exploited CVEs. The emphasis on memory safety, while important, may overshadow other crucial aspects of software security, potentially leading to a skewed understanding of the cybersecurity challenges and priorities.

Understanding Memory-Safe Languages

While memory-safe languages represent progress, it is also crucial to understand their operational nuances and context. Their use of garbage collection, interpretation, or virtual environments sets them apart from lower-level languages like C and C++ in terms of performance, making them suitable for different applications and domains based on project needs. Here's a closer examination of the mentioned languages, without warranty of completeness:

The transition towards memory-safe languages can significantly reduce the prevalence of memory safety vulnerabilities and is a significant advancement in the quest for more secure software. However, it is not devoid of challenges such as the learning curve for developers and performance trade-offs. Yet, the advent of languages like Go and Rust offers a balanced approach, unifying performance with safety.

Conclusion

In light of the nuanced challenges facing cybersecurity today, my work, such as the creation of the paysec library written in Rust, underscores a proactive approach to improveing memory safety across essential sectors like retail payment systems. By pivoting from traditional languages like C and C++ to Rust, I not only advocate for memory safety, but try to encurage its wider adoption in industries where security is of concern.

However, the critique raised against the ONCD report's focus—primarily on the volume of CVEs linked to memory safety issues—highlights the necessity of not overlooking the enduring relevance and adaptability of C and C++. Despite the emergence of new programming paradigms, C and C++ continue to hold significant value in various applications, thanks to their efficiency, control over system resources, and the vast, established base of existing code and developer expertise.

The discussion underscores that while embracing memory-safe languages is vital for addressing specific classes of vulnerabilities, it's equally important to acknowledge the complexity of cybersecurity threats. These threats demand a multifaceted approach that includes, but is not limited to, memory safety.

🌟 Support My Quest

If the content within these pages has enriched your journey, consider showing your support by sharing a potion of coffee with me. Such a gesture, though small, is a mighty boon to my spirit and craft. It allows me to continue sharing the lore you hold dear.

☕ Buy Me a Coffee

Let it be known that the posts I pen are born from my own personal opinions and musings, presented before you in earnest, free of shadowed veils or hidden alliances. If you find truth and heart within my words, consider supporting me with a coffee. And believe me, as a father of two young spirits, this potion is indeed the elixir of my vigilance and creativity.

Beyond sharing my journey and insights, I craft customized solutions in the realm of tech to empower and fortify your own domains.

🔍 Discover my services

Comments

Ping -

Ahoi, ich wollte nur den Test bestehen.

Leave a Comment

Please preserve the rules of respect and avoid any shadow that might fall upon the realm. Keep your discourse pure and use simple characters. Your scroll shall contain no more than a thousand characters.

Only the worthy may share their wisdom beneath the sacred tree of insight. To prove yourself a true hero and not a shadowy automation, solve this puzzle:

captcha