Data Confidentiality and Integrity
The new project I am working on is called Data Confidentiality and Integrity (DCI). The goal is to protect sensitive data such as private keys, password lists, and authorization tokens in C/C++ programs. A motivating example is the HeartBleed Bug. Attackers were able to use a buffer overflow to read a servers private key. Existing techniques like stack cookies, Control Flow Integrity, and Code Pointer Integrity would not prevent this type of attack.
The root of most exploits in C/C++ programs is memory corruption. Somehow the attacker gets a pointer out of bounds and reads or writes addresses the programmer never intended. DCI’s protection mechanism will protect these out of bounds reads and writes for a programmer selected subset of all the variables in the program.