Towards a Systematic Approach to Memory Safety: A Case Study Integrating Techniques and Practices Over the Software Development Life Cycle (SDLC)

Isaia Tonini, Luca Piras, Pietro De Matteis, Silvio Ranise
2026-01-01

Abstract

Safe memory management is a crucial pillar of modern programming and cybersecurity, essential to prevent vulnerabilities and errors that can compromise the reliability and security of computer systems. Memory safety problems, as evidenced by many cases (e.g., WannaCry and CrowdStrike), can have a devastating impact on the entire Trusted Computing Base (TCB) of organisations. Despite the importance of these issues, there is still a lack of standardised frameworks, methods, and tools able to guide software engineers in the systematic consideration and mitigation of software memory safety throughout the Software Development Life Cycle (SDLC). In this work, we propose a first attempt at an approach that contextualises, within the SDLC, the main issues related to memory safety, and proposes guidelines for applying specific techniques to reduce potential memory safety risks. Our approach is pragmatic and industry-oriented, with the aim of helping organisations identify the parts of the SDLC where memory safety issues most often occur, and mitigate such problems in the context of a secure SDLC. The concept of memory safety is introduced, followed by an overview of the main classes of vulnerabilities, and then by an in-depth analysis of the applicable mitigation techniques. We present our approach and a case study as an initial application of the approach and an exemplification of its concepts. The main contribution of this work is the systematisation of mitigation techniques for memory management problems according to the SDLC, and the practical demonstration of their effectiveness in a case study.
Files for this item:
No files are associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11582/367099