Memory safety bugs are among the most common defects in software, and they frequently become security problems. Roughly 70 percent of severe vulnerabilities in memory-unsafe codebases are memory safety issues. These vulnerabilities arise because memory-unsafe languages do not enforce memory safety, and attackers exploit them, at times inflicting tangible harm in the physical world. In 2023, Google's threat intelligence teams conducted an industry-wide analysis which found that approximately 75 percent of exploited CVEs were memory safety vulnerabilities.
For over two decades, Google has recognized the importance of memory safety in the software we develop and use, and we have continuously invested in advancing it. We prioritize integrating robust, best-in-class memory safety practices throughout our software development lifecycle. This proactive approach creates a significantly safer and more dependable digital environment for all users.
This post builds on our previously published work and outlines our strategic approach to improving memory safety.
As Google's commitment to memory safety has unfolded, so too have the industry's technological advances. From the start, we recognized the need to balance performance against robust safety. That balance led us to adopt memory-safe languages such as Java, Python, and Go, which prioritize safety for developers. These languages now make up a significant portion of our codebase, providing memory safety alongside numerous other benefits. At the same time, much of our code remains written in C++, which was a logical choice for its performance when it was written.
Recognizing the inherent risks of memory-unsafe languages, we built tools such as sanitizers, which detect memory safety bugs at run time, and fuzzers like AFL++ and Klee, which test a program's resilience by continually feeding it unexpected inputs. By open-sourcing these tools, we have enabled developers worldwide to significantly reduce the likelihood of memory safety vulnerabilities in C and C++ codebases. We also continuously fuzz open-source projects, helping to remediate issues like.
With the rise of memory-safe languages like Rust, and a refined appreciation of the limits of detection-based approaches alone, our focus has shifted to preventing memory safety vulnerabilities from being introduced in the first place.
To address memory safety threats proactively, Google employs a comprehensive strategy that balances updating existing codebases with preparing for future growth, while maintaining the pace of innovation.
We aim to gradually integrate memory-safe languages into our existing codebases while phasing out memory-unsafe code in newly developed projects. Given the substantial amount of C++ code we rely on, we expect a residual portion of mature, well-tested memory-unsafe code to persist for the foreseeable future.
The foundation of our approach is increasing the use of memory-safe languages. Languages that rely on garbage collection or borrow checking effectively prevent memory errors, following the same Safe Coding principles that eliminated entire vulnerability classes, such as cross-site scripting (XSS), at scale. Google has already adopted multiple memory-safe languages, including Java, Kotlin, Go, and Python, across a significant part of its codebase.
We aim to accelerate adoption of memory-safe languages (MSLs) by giving them the features needed for the lower-level domains where C++ has traditionally dominated. We are expanding Rust beyond its current use in Android and mobile environments to server, application, and embedded software. This will enable MSLs in low-level scenarios where C and C++ are often the default choices. We are also examining smoother interoperability with C++, aiming to accelerate our migration to MSLs.
In Android, a platform running on billions of devices, we have made significant progress adopting MSLs, including Rust, in parts of the network, firmware, and graphics stacks. We focused on writing new code in memory-safe languages rather than rewriting existing, mature C or C++ code that has stood the test of time. Because memory safety bugs are found and exploited most quickly in new code, this focus counters exploitation where it grows fastest.
Due to this concerted effort, the number of reported Android memory safety vulnerabilities has dropped dramatically, from over 220 in 2019 to a projected 36 by year's end, illustrating the tangible impact of this shift. Because memory safety vulnerabilities tend to be the most severe, this reduction corresponds to an even larger decrease in overall security risk.
While adopting memory-safe languages is a crucial long-term strategy that requires immediate investment, we must also safeguard our vast user base during the transition, and the large codebases we have in memory-unsafe languages like C and C++ cannot be ignored.
Therefore the second pillar of our strategy focuses on risk reduction and containment for this portion of our codebase. This includes:
- We're retrofitting safety at scale in our legacy memory-unsafe code, primarily leveraging. While it is not possible to make C and C++ memory safe retroactively, we are eliminating specific subclasses of vulnerabilities within the code we own and reducing the risk of the remaining ones through exploit mitigations.
We have dedicated a significant portion of our computing resources to this work. While the overhead of bounds checking may be negligible for an individual function, at Google's scale its deployment requires a meaningful allocation of compute. We consider that cost justified by the robustness and integrity it brings to our services. Early indications are encouraging, and we'll provide more specific details in a forthcoming post.
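To make concrete what "bounds checking" buys when retrofitted into C++, here is an added example (not Google's code, and not the hardened libc++ itself): a hypothetical minimal `checked_span` type that validates every index and every sub-view before touching memory, used by a small length-prefixed record parser. A hardened standard library applies the same check inside `std::vector`, `std::span` and friends, which is why the per-access cost is tiny but the fleet-wide cost adds up. The record format and the `sum_length_prefixed` function are assumptions for the illustration.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Hypothetical stand-in for a hardened std::span: every element access and
// every sub-view is range-checked before the underlying pointer is used.
template <typename T>
class checked_span {
 public:
  checked_span(T* data, std::size_t size) : data_(data), size_(size) {}

  // Out-of-range index becomes a deterministic error, not an overread.
  T& operator[](std::size_t i) const {
    if (i >= size_) throw std::out_of_range("checked_span: index out of range");
    return data_[i];
  }
  std::size_t size() const { return size_; }

  // Sub-views are checked too, so a miscomputed offset/length cannot escape.
  checked_span subspan(std::size_t offset, std::size_t count) const {
    if (offset > size_ || count > size_ - offset)
      throw std::out_of_range("checked_span: subspan out of range");
    return checked_span(data_ + offset, count);
  }

 private:
  T* data_;
  std::size_t size_;
};

// Parses a constructed record format: first byte = payload length, then the
// payload. Returns the payload sum, or -1 if the record is malformed. A
// claimed length larger than the buffer is rejected instead of read past.
int sum_length_prefixed(const std::vector<unsigned char>& buf) {
  if (buf.empty()) return -1;
  checked_span<const unsigned char> view(buf.data(), buf.size());
  std::size_t len = view[0];
  try {
    checked_span<const unsigned char> payload = view.subspan(1, len);
    int sum = 0;
    for (std::size_t i = 0; i < payload.size(); ++i) sum += payload[i];
    return sum;
  } catch (const std::out_of_range&) {
    return -1;  // malformed: length field exceeds the buffer
  }
}

// Helper for probing the check directly: true if index i into a span of n
// elements is rejected.
bool index_is_rejected(std::size_t n, std::size_t i) {
  std::vector<int> v(n, 1);
  checked_span<int> s(v.data(), v.size());
  try {
    (void)s[i];
    return false;
  } catch (const std::out_of_range&) {
    return true;
  }
}
```

The parser is the interesting part: with an unchecked `operator[]`, a record claiming a length of 5 inside a 3-byte buffer would read two bytes beyond the allocation; with the checked view the same input yields a clean error code.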
In the past few years, Chrome has shipped changes that reduced use-after-free vulnerabilities in privileged processes by 57%, which in turn has reduced in-the-wild exploits and improved overall browser security.
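The mechanism behind a reduction like Chrome's is reference-counted quarantine of freed objects: a smart raw-pointer replacement counts outstanding references, and a free that happens while references remain poisons and parks the slot instead of recycling it, so the dangling pointer can neither read a reused allocation nor silently return stale data. The following is an added toy model of that idea (it is not Chrome's code; object ids stand in for real addresses, which is an assumption made to keep it self-contained):

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <map>
#include <optional>
#include <vector>

// Toy allocator: each object counts the tracked pointers referring to it.
// Freeing a still-referenced object poisons and quarantines its slot rather
// than handing the memory to the next allocation.
class QuarantineHeap {
 public:
  using Id = std::size_t;

  Id allocate(std::size_t size) {
    Id id = 0;
    while (slots_.count(id)) ++id;  // skips both live and quarantined slots
    slots_[id] = Slot{std::vector<std::uint8_t>(size, 0), 0, false};
    return id;
  }

  void release(Id id) {
    auto it = slots_.find(id);
    if (it == slots_.end() || it->second.freed) return;  // unknown id or double free
    it->second.freed = true;
    std::fill(it->second.bytes.begin(), it->second.bytes.end(), 0xAB);  // poison
    recycle_if_unreferenced(it);
  }

  bool is_quarantined(Id id) const {
    auto it = slots_.find(id);
    return it != slots_.end() && it->second.freed;
  }

 private:
  friend class TrackedPtr;
  struct Slot { std::vector<std::uint8_t> bytes; std::size_t refs; bool freed; };
  std::map<Id, Slot> slots_;

  // A slot is recycled only once it is both freed and unreferenced.
  void recycle_if_unreferenced(std::map<Id, Slot>::iterator it) {
    if (it->second.freed && it->second.refs == 0) slots_.erase(it);
  }
};

// Raw-pointer replacement: holds a reference on the slot while alive and
// refuses to dereference a freed object instead of reading stale memory.
class TrackedPtr {
 public:
  TrackedPtr(QuarantineHeap& heap, QuarantineHeap::Id id) : heap_(&heap), id_(id) {
    heap_->slots_.at(id_).refs++;
  }
  TrackedPtr(const TrackedPtr& other) : TrackedPtr(*other.heap_, other.id_) {}
  TrackedPtr& operator=(const TrackedPtr&) = delete;
  ~TrackedPtr() {
    auto it = heap_->slots_.find(id_);
    if (it == heap_->slots_.end()) return;
    it->second.refs--;
    heap_->recycle_if_unreferenced(it);
  }

  bool write(std::size_t off, std::uint8_t v) {
    auto it = heap_->slots_.find(id_);
    if (it == heap_->slots_.end() || it->second.freed || off >= it->second.bytes.size()) return false;
    it->second.bytes[off] = v;
    return true;
  }
  // nullopt signals a caught use-after-free or out-of-bounds access.
  std::optional<std::uint8_t> read(std::size_t off) const {
    auto it = heap_->slots_.find(id_);
    if (it == heap_->slots_.end() || it->second.freed || off >= it->second.bytes.size()) return std::nullopt;
    return it->second.bytes[off];
  }

 private:
  QuarantineHeap* heap_;
  QuarantineHeap::Id id_;
};

struct UafOutcome { bool read_detected; bool slot_not_reused; };

// A dangling pointer outlives its object; the program then allocates again and
// dereferences the stale pointer.
UafOutcome run_dangling_pointer_scenario() {
  QuarantineHeap heap;
  QuarantineHeap::Id obj = heap.allocate(16);
  TrackedPtr dangling(heap, obj);
  dangling.write(0, 0x42);
  heap.release(obj);                             // freed while 'dangling' still exists
  QuarantineHeap::Id fresh = heap.allocate(16);  // must not alias the freed object
  bool detected = !dangling.read(0).has_value();
  return {detected, fresh != obj && heap.is_quarantined(obj)};
}

// Once the last tracked pointer goes away, the quarantined slot is reclaimed.
bool slot_recycled_after_last_ref() {
  QuarantineHeap heap;
  QuarantineHeap::Id obj = heap.allocate(8);
  { TrackedPtr p(heap, obj); heap.release(obj); }  // last reference dies here
  return !heap.is_quarantined(obj) && heap.allocate(8) == obj;
}
```

The second scenario matters as much as the first: quarantine is only affordable at scale because memory is reclaimed as soon as the last reference disappears, so the cost is bounded by how long dangling pointers actually live.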
- We're continuing to harden the core foundations of our software platform through sandboxing and fine-grained privilege management, limiting the impact of any vulnerability that does slip through. In December, we launched the beta and integrated it into our platform.
- We're investing in state-of-the-art bug detection tools and analyses, mirroring industry best practices, while simplifying and democratizing machine learning-driven fuzzing so that it is accessible to all testing efforts. As the industry shifts toward memory safety by design, these tools remain essential for proactive risk mitigation, particularly for finding vulnerabilities in areas that still lack robust preventive measures.
We are also collaborating with the hardware and research communities on emerging hardware-based approaches to memory safety. This includes our work on the Memory Tagging Extension (MTE), which is being deployed in Google's internal and external environments. We continue to research finer-grained protections against memory safety vulnerabilities, particularly for high-stakes environments such as embedded systems.
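Memory tagging is the hardware counterpart of the software checks above: allocations are coloured with a small tag, the pointer carries the same tag in its unused high bits, and the processor faults on any access where the two disagree. The model below is an added illustration of that principle only (it is not MTE's real encoding, allocator or fault semantics, and it is not Google's code); 16-byte granules, 4-bit tags and the top-byte tag placement are assumptions chosen to mirror the general shape of the scheme. It shows both failure modes a tag check catches: a one-past-the-end read that lands in a neighbouring allocation, and a read after free.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

// Toy tagged memory: 16-byte granules, each with a 4-bit tag; pointers carry a
// tag in the top byte; every access faults on a mismatch.
class TaggedMemory {
 public:
  static constexpr std::size_t kGranule = 16;
  static constexpr unsigned kTagShift = 56;

  explicit TaggedMemory(std::size_t granules)
      : bytes_(granules * kGranule, 0), tags_(granules, 0) {}

  // Bump allocator: rounds up to whole granules, picks a tag that differs from
  // the previous allocation's, and colours the new granules with it.
  // Returns 0 on exhaustion (tag 0 is never handed out, so 0 is unambiguous).
  std::uint64_t allocate(std::size_t size) {
    std::size_t n = (size + kGranule - 1) / kGranule;
    if (n == 0 || next_free_ + n > tags_.size()) return 0;
    std::uint8_t tag = next_tag();
    std::size_t first = next_free_;
    for (std::size_t g = first; g < first + n; ++g) tags_[g] = tag;
    next_free_ += n;
    return make_ptr(tag, first * kGranule);
  }

  // Freeing recolours the granules, so any retained pointer no longer matches.
  void deallocate(std::uint64_t ptr, std::size_t size) {
    std::size_t first = address(ptr) / kGranule;
    std::size_t n = (size + kGranule - 1) / kGranule;
    std::uint8_t fresh = static_cast<std::uint8_t>(tag_of(ptr) % 15 + 1);  // always != old tag
    for (std::size_t g = first; g < first + n && g < tags_.size(); ++g) tags_[g] = fresh;
  }

  // nullopt models a hardware tag-check fault.
  std::optional<std::uint8_t> load(std::uint64_t ptr) const {
    if (!tag_matches(ptr)) return std::nullopt;
    return bytes_[address(ptr)];
  }
  bool store(std::uint64_t ptr, std::uint8_t value) {
    if (!tag_matches(ptr)) return false;
    bytes_[address(ptr)] = value;
    return true;
  }

 private:
  std::vector<std::uint8_t> bytes_;
  std::vector<std::uint8_t> tags_;
  std::size_t next_free_ = 0;
  std::uint8_t last_tag_ = 0;

  // Cycles through tags 1..15 so consecutive allocations never share a tag.
  std::uint8_t next_tag() {
    last_tag_ = static_cast<std::uint8_t>(last_tag_ % 15 + 1);
    return last_tag_;
  }
  static std::uint64_t make_ptr(std::uint8_t tag, std::size_t addr) {
    return (static_cast<std::uint64_t>(tag) << kTagShift) | addr;
  }
  static std::uint8_t tag_of(std::uint64_t ptr) { return static_cast<std::uint8_t>(ptr >> kTagShift); }
  static std::size_t address(std::uint64_t ptr) { return ptr & ((1ULL << kTagShift) - 1); }
  bool tag_matches(std::uint64_t ptr) const {
    std::size_t addr = address(ptr);
    return addr < bytes_.size() && tags_[addr / kGranule] == tag_of(ptr);
  }
};

struct TagResults { bool in_bounds_ok; bool overflow_detected; bool uaf_detected; };

// Three accesses through the same allocation: a valid one, a one-past-the-end
// read that lands in the neighbour's granule, and a read after free.
TagResults run_tagging_scenarios() {
  TaggedMemory mem(8);
  std::uint64_t a = mem.allocate(16);  // granule 0
  std::uint64_t b = mem.allocate(16);  // granule 1, carries a different tag
  (void)b;
  bool ok = mem.store(a + 15, 7) && mem.load(a + 15).value_or(0) == 7;
  bool overflow = !mem.load(a + 16).has_value();  // a's tag vs b's granule
  mem.deallocate(a, 16);
  bool uaf = !mem.load(a).has_value();            // granule was retagged on free
  return {ok, overflow, uaf};
}
```

Two properties of the real scheme are visible even in this toy: detection is probabilistic in general (with 4-bit tags a random neighbour matches one time in sixteen, which is why allocators deliberately avoid giving adjacent blocks the same tag), and the check happens on every load and store without any change to the program's source, which is what makes it attractive for code that cannot be rewritten.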
We believe that improving memory safety at massive scale will have a profoundly positive impact on the security of the broader digital ecosystem. Continued investment and innovation are needed to advance both safety and performance, and we remain committed to this journey together with the larger community.
Future posts will explore specific aspects of our memory safety strategy in more depth.