The new project I am working on is called Data Confidentiality and Integrity (DCI). The goal is to protect sensitive data such as private keys, password lists, and authorization tokens in C/C++ programs. A motivating example is the Heartbleed bug. Attackers were able to use a buffer overflow to read a server's private key. Existing techniques like stack cookies, Control Flow Integrity, and Code Pointer Integrity would not prevent this type of attack.

The root of most exploits in C/C++ programs is memory corruption. Somehow the attacker gets a pointer out of bounds and reads or writes addresses the programmer never intended. DCI’s protection mechanism will protect against these out-of-bounds reads and writes for a programmer-selected subset of all the variables in the program.
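To make the out-of-bounds read concrete, here is an added example (not code from DCI or from OpenSSL) of an echo handler that trusts a claimed length, next to a version that checks it. The `session` struct, function names, and secret value are constructed for illustration; the fix shown is an ordinary bounds check, not DCI's mechanism.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: request data and a secret adjacent in one object,
   standing in for neighbouring heap allocations in a real server. */
struct session {
    unsigned char payload[16];  /* data received from the peer */
    unsigned char secret[16];   /* sensitive data the peer must never see */
};

/* Vulnerable: copies as many bytes as the request claims to contain. */
size_t echo_unchecked(const struct session *s, size_t claimed_len,
                      unsigned char *out, size_t out_cap)
{
    const unsigned char *base =
        (const unsigned char *)s + offsetof(struct session, payload);
    size_t room = sizeof *s - offsetof(struct session, payload);
    if (claimed_len > room) claimed_len = room;  /* keeps the demo inside *s */
    if (claimed_len > out_cap) claimed_len = out_cap;
    memcpy(out, base, claimed_len);  /* runs past payload[] into secret[] */
    return claimed_len;
}

/* Hardened: the claimed length may not exceed what was actually received. */
size_t echo_checked(const struct session *s, size_t received_len,
                    size_t claimed_len, unsigned char *out, size_t out_cap)
{
    if (received_len > sizeof s->payload || claimed_len > received_len ||
        claimed_len > out_cap)
        return 0;  /* drop the malformed request */
    memcpy(out, s->payload, claimed_len);
    return claimed_len;
}

/* Returns 1 if the full secret appears anywhere in the reply. */
int reply_contains_secret(const unsigned char *reply, size_t n,
                          const struct session *s)
{
    for (size_t i = 0; i + sizeof s->secret <= n; i++)
        if (memcmp(reply + i, s->secret, sizeof s->secret) == 0) return 1;
    return 0;
}

int main(void)
{
    struct session s = { "hi", "PRIVATE-KEY-DEMO" };  /* constructed sample */
    unsigned char out[32];
    size_t n = echo_unchecked(&s, 32, out, sizeof out);
    printf("unchecked leaked secret: %d\n", reply_contains_secret(out, n, &s));
    printf("checked reply length: %zu\n", echo_checked(&s, 2, 32, out, sizeof out));
    return 0;
}
```

Control-flow defenses do not fire in the unchecked path because no code pointer or return address is modified; only data is read.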

Update

The DCI code has been open sourced on GitHub. You can read all the details about the completed prototype in this paper published in AsiaCCS 2017.