There are two broad categories of memory safety vulnerabilities: spatial and temporal. Spatial memory safety issues result from memory accesses performed outside of the “correct” bounds established for variables and objects in memory. Temporal memory safety issues arise when memory is accessed outside of time or state, such as accessing object data after the object is freed or when memory accesses are unexpectedly interleaved.
Over fifty years later, aerospace engineers and policymakers alike have not left the future of space safety to fate. Thanks in large part to technological advancements in modern computing and software engineering, digital automation has minimized the risk of human error, shifting the burden away from the astronauts in orbit – and the rocket scientists in the command center – and ensuring the spacecraft is safer by design, and in turn, safer for its crew. In the case of Apollo 13 the near disaster was inadvertently caused by the laws of physics, but today there are adversaries actively trying to sabotage space systems.[xv] Now, as cyberspace continues to be introduced to outer space, the spacecraft must also be secure by design. A catastrophe should not be the catalyst for action.
The chip, in particular, is an important hardware building block to consider. There are several promising efforts currently underway to support memory protections through hardware. For example, a group of manufacturers have developed a new memory-tagging extension (MTE) to cross-check the validity of pointers to memory locations before using them. If they are invalid, the CPU produces an error.[xvii] This technique is an effective method to detect memory safety bugs, but this approach should not be considered a comprehensive solution to prevent all memory safety exploits.[xviii] Another example of a hardware method is the Capability Hardware Enhanced RISC Instructions (CHERI).[xix] This architecture changes how software accesses memory, with the aim of removing vulnerabilities present in historically memory unsafe languages.[xx]
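A toy software model of the tag check described above, applied to the spatial and temporal cases from the opening paragraph; it is an added example, not code from the report. The 4-bit tag space and 16-byte granule follow Arm MTE, while the bump allocator, the `tptr` type and the sequential tag choice are hypothetical simplifications.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULE   16   /* bytes sharing one tag, as in Arm MTE */
#define HEAP_SIZE 256  /* toy heap; tag 0 marks free or never-allocated memory */

static uint8_t heap[HEAP_SIZE];
static uint8_t mem_tag[HEAP_SIZE / GRANULE]; /* one 4-bit tag per granule */
static size_t  next_free;                    /* bump-allocator cursor */
static uint8_t next_tag = 1;  /* cycles 1..15 (assumption; real allocators pick tags randomly) */

typedef struct { size_t off; uint8_t tag; } tptr; /* pointer = address + tag */

static size_t granules(size_t n) { return (n + GRANULE - 1) / GRANULE; }

/* Allocate n bytes and colour every granule with the pointer's tag. */
tptr t_alloc(size_t n) {
    tptr p = { next_free, next_tag };
    if (next_free + granules(n) * GRANULE > HEAP_SIZE)
        return (tptr){ HEAP_SIZE, 0 };       /* exhausted: every load fails */
    for (size_t g = 0; g < granules(n); g++)
        mem_tag[p.off / GRANULE + g] = p.tag;
    next_free += granules(n) * GRANULE;
    next_tag = (uint8_t)(next_tag % 15 + 1);
    return p;
}

/* Free retags the granules so pointers issued earlier stop matching. */
void t_free(tptr p, size_t n) {
    for (size_t g = 0; p.tag && g < granules(n); g++)
        mem_tag[p.off / GRANULE + g] = 0;
}

/* Checked load: 0 on success, -1 on tag mismatch (the CPU error in the text). */
int t_load(tptr p, size_t idx, uint8_t *out) {
    size_t addr = p.off + idx;
    if (addr >= HEAP_SIZE || mem_tag[addr / GRANULE] != p.tag) return -1;
    *out = heap[addr];
    return 0;
}

int spatial_overflow(void) { uint8_t v; tptr a = t_alloc(16); t_alloc(16); return t_load(a, 16, &v); }
int use_after_free(void)   { uint8_t v; tptr p = t_alloc(16); t_free(p, 16); return t_load(p, 0, &v); }
int intra_granule(void)    { uint8_t v; tptr p = t_alloc(10); return t_load(p, 12, &v); } /* in padding */

int main(void) {
    printf("overflow into neighbour: %d\n", spatial_overflow());
    printf("use after free:          %d\n", use_after_free());
    printf("overflow within granule: %d\n", intra_granule());
    return 0;
}
```

The third case passes the check because an out-of-bounds read that stays inside the allocation's own 16-byte granule sees a matching tag, which is one concrete reason tagging detects bugs without being a complete defence.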
As President Biden frequently remarks, “We are the United States of America and there is nothing, nothing beyond our capacity if we do it together.”
A government report from the White House; some of its points are quite interesting: