- Submission Deadline: 16 August 2023
Publication: March/April 2024
“You will observe with concern how long a useful truth may be known and exist, before it is generally received and practiced on.” — Benjamin Franklin
In 1972, the Computer Security Technology Planning Study report of the US Air Force reads: “The code performing this function does not check the source and destination addresses properly, permitting portions of the monitor to be overlaid by the user. This can be used to inject code into the monitor that will permit the user to seize control of the machine”. This is an example of what later became known as memory corruption attacks, which were famously popularized by Phrack’s “Smashing the Stack for Fun and Profit” in 1996. Despite being one of the earliest classes of vulnerabilities studied, memory safety bugs continue to be one of the most widespread in modern systems. The persistence of memory safety vulnerabilities can perhaps be attributed to widespread usage of memory-unsafe programming languages such as C/C++ in commodity applications, libraries, and operating systems.
Recent advancements in system-level languages with strong memory safety guarantees (e.g., Rust) and tools and techniques to make large-scale, legacy C/C++ code bases partially or fully memory safe have created a new hope in this area. This special issue of IEEE Security & Privacy aims to highlight recent advancements in memory safety research with an emphasis on solutions. Topics include, but are not limited to:
- New, safe languages and their properties
- Memory-safety extensions to legacy languages
- Hardware/software co-designs that focus on memory safety (e.g., tagged architectures)
- Large-scale sanitization approaches
- Enforcement of memory safety on commodity hardware/systems
- New insights for enabling memory safety at scale
- Challenges and opportunities in utilizing memory-safe languages
- Empirical studies, case studies, experiments, and surveys on memory safety
Note that the SI seeks to focus on solutions rather than attacks. In addition to full papers, opinion pieces are welcome.
For author information and submission criteria for full papers, please visit the Author Information page. As stated there, full papers should be 4900 – 7200 words in length. Please submit full papers through the ScholarOne system, and be sure to select the special-issue name. Manuscripts should not be published or currently submitted for publication elsewhere. There should be no more than 15 references. Related work should appear in a special separated box. Please submit only full papers intended for peer review, not opinion pieces, to the ScholarOne portal.
Viewpoint pieces should contain no more than 2000 words. The title should start with the type of submission, i.e., “A viewpoint on…”. There should be no more than 10 references. These submissions should be converted to PDF and emailed to the guest editors at email@example.com by the submission deadline.
Contact the guest editors at firstname.lastname@example.org.
- Hamed Okhravi, MIT Lincoln Laboratory, USA
- Zhenkai Liang, National University of Singapore, Singapore