DOI: 10.1145/3445814.3446761 | ASPLOS conference proceedings | Research article | Open access

In-fat pointer: hardware-assisted tagged-pointer spatial memory safety defense with subobject granularity protection

Published: 17 April 2021

Abstract

Programming languages like C and C++ are not memory-safe because they provide programmers with low-level pointer manipulation primitives. The incorrect use of these primitives can result in bugs and security vulnerabilities: for example, spatial memory safety errors can be caused by dereferencing pointers outside the legitimate address range belonging to the corresponding object. While a range of schemes to provide protection against these vulnerabilities have been proposed, they all lack one or more of: low performance overhead, compatibility with legacy code, or comprehensive protection for all objects and subobjects.
We present In-Fat Pointer, the first hardware-assisted defense that can achieve spatial memory safety at subobject granularity while maintaining compatibility with legacy code and low overhead. In-Fat Pointer improves the protection granularity of tagged-pointer schemes using object metadata, which is efficient and binary-compatible for object-bound spatial safety. Unlike previous work that devotes all pointer tag bits to object metadata lookup, In-Fat Pointer uses three complementary object metadata schemes to reduce the number of pointer tag bits needed for metadata lookup, allowing it to use the left-over bits, along with in-memory type metadata, to refine the object bounds to subobject granularity. We show that this approach provides practical protection of fine-grained spatial memory safety.
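The abstract's central point is the gap between object-bound and subobject-bound checking: an overflow of a fixed-size array field that stays inside its enclosing struct passes every object-granularity check but still corrupts a neighbouring field. The C program below is an added illustration of that distinction and is not code from the paper or its artifact. Its struct, its object and type metadata tables, and its pointer encoding (a field index in the top byte of a 64-bit value) are constructed assumptions chosen to make the two checks easy to compare, not In-Fat Pointer's real tag layout or lookup mechanism.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration: the struct, the metadata tables and the
   8-bit tag in the top byte are assumptions made for this example,
   not In-Fat Pointer's real encoding or lookup mechanism. */

/* Object metadata: base address and size of one allocation. */
typedef struct { uintptr_t base; size_t size; } obj_meta_t;

/* Type metadata: offset and size of each field (subobject) of a type. */
typedef struct { size_t offset; size_t size; } field_t;

/* A record where an overflow of `name` lands on a sensitive field
   without ever leaving the enclosing object. */
typedef struct {
    char name[8];
    int  is_admin;
} account_t;

static const field_t account_fields[] = {
    { offsetof(account_t, name),     sizeof(((account_t *)0)->name) },
    { offsetof(account_t, is_admin), sizeof(((account_t *)0)->is_admin) },
};
#define ACCOUNT_NFIELDS (sizeof account_fields / sizeof account_fields[0])

/* Tagged pointer: address in the low bits, field index in the top byte
   (constructed layout; kept in a uint64_t so it also works on 32-bit). */
#define TAG_SHIFT 56
#define TAG_MASK  (0xFFULL << TAG_SHIFT)

static uint64_t tag_ptr(const void *p, unsigned field_idx) {
    return ((uint64_t)(uintptr_t)p & ~TAG_MASK) | ((uint64_t)field_idx << TAG_SHIFT);
}
static uintptr_t ptr_addr(uint64_t tp) { return (uintptr_t)(tp & ~TAG_MASK); }
static unsigned  ptr_tag(uint64_t tp)  { return (unsigned)(tp >> TAG_SHIFT); }

/* Does [addr, addr+len) lie inside [lo, lo+size)? Written so that no
   intermediate expression can wrap around. */
static int within(uintptr_t addr, size_t len, uintptr_t lo, size_t size) {
    return addr >= lo && len <= size && addr - lo <= size - len;
}

/* Object-granularity check: all a scheme can enforce when every tag bit
   is spent on locating the object metadata. */
int in_object(uint64_t tp, size_t len, const obj_meta_t *obj) {
    return within(ptr_addr(tp), len, obj->base, obj->size);
}

/* Subobject-granularity check: the object check first, then the field
   named by the tag, looked up in the type metadata, narrows the range. */
int in_subobject(uint64_t tp, size_t len, const obj_meta_t *obj,
                 const field_t *fields, size_t nfields) {
    if (!in_object(tp, len, obj)) return 0;
    unsigned idx = ptr_tag(tp);
    if (idx >= nfields) return 0;
    return within(ptr_addr(tp), len, obj->base + fields[idx].offset, fields[idx].size);
}

/* Classify a write of `len` bytes starting at acct.name:
   2 = stays inside `name` (both checks pass),
   1 = stays inside the allocation but overwrites `is_admin`
       (object check passes, subobject check rejects),
   0 = runs past the allocation (both reject). */
int classify_write(size_t len) {
    static account_t acct;
    obj_meta_t meta = { (uintptr_t)&acct, sizeof acct };
    uint64_t tp = tag_ptr(acct.name, 0);   /* tag 0 = field `name` */
    if (in_subobject(tp, len, &meta, account_fields, ACCOUNT_NFIELDS)) return 2;
    if (in_object(tp, len, &meta)) return 1;
    return 0;
}

int main(void) {
    size_t lens[] = { 8, sizeof(account_t), sizeof(account_t) + 1 };
    for (size_t i = 0; i < 3; i++)
        printf("write of %zu bytes into name: class %d\n", lens[i], classify_write(lens[i]));
    return 0;
}
```

The middle case is the one the paper's subobject granularity is about: a write of `sizeof(account_t)` bytes into `name` never leaves the allocation, so `in_object` accepts it, while `in_subobject` rejects it because the tag says the pointer was derived from `name`, whose type metadata gives an 8-byte range. In hardware the same two-stage narrowing would be done by the load/store path rather than by a call before each access.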



Published In

ASPLOS '21: Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
April 2021
1090 pages
ISBN: 9781450383172
DOI: 10.1145/3445814
This work is licensed under a Creative Commons Attribution International 4.0 License.

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. Bound Checking
        2. Buffer Overflows
        3. Memory Safety
        4. Object Metadata
        5. Spatial Memory Errors
        6. Subobject Bound Checking
        7. Tagged-pointer

        Qualifiers

        • Research-article

        Funding Sources

        • NSERC

Conference

ASPLOS '21

        Acceptance Rates

        Overall Acceptance Rate 535 of 2,713 submissions, 20%

Article Metrics

• Downloads (last 12 months): 306
• Downloads (last 6 weeks): 38
Reflects downloads up to 22 Sep 2024

Cited By

• (2024) Memory Tagging using Cryptographic Integrity on Commodity x86 CPUs. 2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P), 311-326. DOI: 10.1109/EuroSP60621.2024.00024. Online publication date: 8 Jul 2024.
• (2024) SPP: Safe Persistent Pointers for Memory Safety. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 37-52. DOI: 10.1109/DSN58291.2024.00019. Online publication date: 24 Jun 2024.
• (2024) Highly Comprehensive and Efficient Memory Safety Enforcement with Pointer Tagging. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), 74-81. DOI: 10.1109/DSN-W60302.2024.00026. Online publication date: 24 Jun 2024.
• (2023) Multi-Tag: A Hardware-Software Co-Design for Memory Safety based on Multi-Granular Memory Tagging. Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, 177-189. DOI: 10.1145/3579856.3590331. Online publication date: 10 Jul 2023.
• (2023) FlexPointer: Fast Address Translation Based on Range TLB and Tagged Pointers. ACM Transactions on Architecture and Code Optimization 20(2), 1-24. DOI: 10.1145/3579854. Online publication date: 1 Mar 2023.
• (2023) Cryptographically Enforced Memory Safety. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 889-903. DOI: 10.1145/3576915.3623138. Online publication date: 15 Nov 2023.
• (2023) ABSLearn: a GNN-based framework for aliasing and buffer-size information retrieval. Pattern Analysis & Applications 26(3), 1171-1189. DOI: 10.1007/s10044-023-01142-2. Online publication date: 1 Aug 2023.
• (2022) PACMem. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 1901-1915. DOI: 10.1145/3548606.3560598. Online publication date: 7 Nov 2022.
• (2022) HeapCheck: Low-cost Hardware Support for Memory Safety. ACM Transactions on Architecture and Code Optimization 19(1), 1-24. DOI: 10.1145/3495152. Online publication date: 23 Jan 2022.
