We show how to utilize code-range data protection to enforce the private access specifiers of object-oriented classes at runtime. We exploit the fact that code and data are often organized into modules exporting specified interfaces, even in non-object-oriented languages. We enforce at runtime the integrity and simplistic privacy of the module: its state can be neither written nor read other than through its interface. We provide module integrity even to non-memory-safe languages such as C and C++, without requiring automatic memory management. This is not best-effort protection: when used properly, we comprehensively guarantee that one software module cannot violate the integrity of another. That is, we make software objects hard.

Our extensions are simple, modest, and provide the guarantee we claim. We give simulation measurements to show the performance overhead is low. We show how most software can be compiled to take advantage of these extensions with modest and partially automatable modification.
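The access rule summarized above can be illustrated with a small software model. This is an added example, not code or a hardware design from the paper: it assumes each data region is tagged with the code range of its owning module, and all type names, function names, and addresses are hypothetical or constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: every data region carries the code range of the
   module that owns it; an access is legal only if the accessing
   instruction's address (pc) lies inside that range. */
typedef struct { uintptr_t lo, hi; } code_range;          /* module text, [lo, hi) */
typedef struct { uintptr_t base; size_t len; code_range owner; } region;
typedef enum { ACC_OK, ACC_FAULT, ACC_UNTAGGED } verdict;

verdict check_access(const region *tab, size_t ntab,
                     uintptr_t pc, uintptr_t addr, size_t n)
{
    for (size_t i = 0; i < ntab; i++) {
        const region *r = &tab[i];
        if (addr < r->base || addr - r->base >= r->len)
            continue;                          /* addr not in this region */
        if (n > r->len - (addr - r->base))
            return ACC_FAULT;                  /* access runs past the region end */
        return (pc >= r->owner.lo && pc < r->owner.hi) ? ACC_OK : ACC_FAULT;
    }
    return ACC_UNTAGGED;                       /* no owner recorded: outside the model */
}

/* Constructed layout: module A text 0x1000-0x1fff owns 64 bytes at 0x8000,
   module B text 0x2000-0x2fff owns 32 bytes at 0x9000. */
static const region demo_tab[] = {
    { 0x8000, 64, { 0x1000, 0x2000 } },
    { 0x9000, 32, { 0x2000, 0x3000 } },
};

verdict demo_access(uintptr_t pc, uintptr_t addr, size_t n)
{
    return check_access(demo_tab, sizeof demo_tab / sizeof demo_tab[0], pc, addr, n);
}

int main(void)
{
    printf("A code -> A data: %d\n", demo_access(0x1800, 0x8010, 8));
    printf("B code -> A data: %d\n", demo_access(0x2400, 0x8010, 8));
    printf("A code, straddling read: %d\n", demo_access(0x1800, 0x803c, 8));
    return 0;
}
```

In this model a stray pointer held by module B still faults when dereferenced from B's code, which is the property a compile-time `private` specifier alone cannot give in C or C++.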



