Watchdog: hardware for safe and secure manual memory management and full memory safety

Published: 09 June 2012

Abstract

Languages such as C and C++ use unsafe manual memory management, allowing simple bugs (i.e., accesses to an object after deallocation) to become the root cause of exploitable security vulnerabilities. This paper proposes Watchdog, a hardware-based approach for ensuring safe and secure manual memory management. Inspired by prior software-only proposals, Watchdog generates a unique identifier for each memory allocation, associates these identifiers with pointers, and checks on every memory access that the identifier is still valid. This use of identifiers and checks enables Watchdog to detect errors even in the presence of reallocations. Watchdog stores these pointer identifiers in a disjoint shadow space to provide comprehensive protection and ensure compatibility with existing code. To streamline the implementation and reduce runtime overhead, Watchdog (1) uses micro-ops to access metadata and perform checks, (2) eliminates metadata copies among registers via modified register renaming, and (3) uses a dedicated metadata cache to reduce checking overhead. Furthermore, this paper extends Watchdog's mechanisms to detect bounds errors, thereby providing full hardware-enforced memory safety at low overheads.
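The abstract describes the checking discipline only at a high level: every allocation receives a unique identifier, each pointer carries the identifier of the allocation it refers to, and every access verifies that the identifier is still valid (and, in the extended design, that the address lies within the allocation's bounds). The following C program is an added software model of that discipline written for this page; it is not the paper's hardware design nor code from the Watchdog authors. It bundles a pointer's metadata into a `wd_ptr` struct and keeps identifier validity in a small table, both of which are simplifications of the paper's disjoint shadow space; the `wd_` names, the `WD_MAX_ALLOCS` limit and the three scenarios are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define WD_MAX_ALLOCS 64   /* size of this model's identifier table (constructed limit) */

/* Outcome of a checked access. Hardware would raise an exception; the model
   returns a code so a caller can inspect what the check decided. */
enum wd_status { WD_OK = 0, WD_USE_AFTER_FREE, WD_OUT_OF_BOUNDS, WD_BAD_ID };

/* A pointer plus the metadata tracked for it. Watchdog keeps this metadata
   in a disjoint shadow space indexed by where the pointer is stored; packing
   it next to the pointer is purely a simplification of this model. */
typedef struct {
    unsigned char *addr;  /* pointer value the program actually uses   */
    uint64_t       id;    /* identifier of the allocation it refers to */
    unsigned char *base;  /* start of that allocation (for bounds)     */
    size_t         size;  /* size of that allocation in bytes          */
} wd_ptr;

/* Identifier validity table: 1 while the identifier's allocation is live. */
static int      wd_live[WD_MAX_ALLOCS + 1];
static uint64_t wd_next_id = 1;

/* Allocation hands out an identifier that is never reused, alongside the pointer. */
wd_ptr wd_malloc(size_t size)
{
    wd_ptr p = {0, 0, 0, 0};
    if (wd_next_id > WD_MAX_ALLOCS) return p;   /* table exhausted: null pointer */
    p.addr = malloc(size);
    if (p.addr == NULL) return p;
    p.id   = wd_next_id++;
    p.base = p.addr;
    p.size = size;
    wd_live[p.id] = 1;
    return p;
}

/* Deallocation invalidates the identifier. Every copy of the pointer still
   carries that identifier, so later accesses through any alias fail even if
   the address is handed out again by a subsequent allocation. */
void wd_free(wd_ptr p)
{
    if (p.id == 0 || p.id > WD_MAX_ALLOCS || !wd_live[p.id]) return; /* invalid or double free */
    wd_live[p.id] = 0;
    free(p.base);
}

/* Pointer arithmetic propagates the original pointer's metadata unchanged. */
wd_ptr wd_add(wd_ptr p, ptrdiff_t n)
{
    p.addr += n;
    return p;
}

/* The check applied to an n-byte access through p: identifier still valid
   (temporal safety), then [addr, addr+n) inside the allocation (spatial). */
enum wd_status wd_check(wd_ptr p, size_t n)
{
    if (p.id == 0 || p.id > WD_MAX_ALLOCS) return WD_BAD_ID;
    if (!wd_live[p.id]) return WD_USE_AFTER_FREE;
    uintptr_t a = (uintptr_t)p.addr, b = (uintptr_t)p.base;
    if (a < b || a - b > p.size || n > p.size - (a - b)) return WD_OUT_OF_BOUNDS;
    return WD_OK;
}

/* Scenario 1 (constructed): an alias outlives free(); the next allocation may
   reuse the same address, but the alias still carries the dead identifier. */
enum wd_status wd_scenario_stale_pointer(void)
{
    wd_ptr a = wd_malloc(16);
    wd_ptr alias = a;                 /* dangling copy kept by the program */
    wd_free(a);
    wd_ptr b = wd_malloc(16);         /* fresh identifier, possibly same address */
    enum wd_status s = wd_check(alias, 1);
    wd_free(b);
    return s;
}

/* Scenario 2 (constructed): one byte past the end of an 8-byte allocation. */
enum wd_status wd_scenario_overflow(void)
{
    wd_ptr a = wd_malloc(8);
    enum wd_status s = wd_check(wd_add(a, 8), 1);
    wd_free(a);
    return s;
}

/* Scenario 3 (constructed): a correct access to the last valid byte passes. */
enum wd_status wd_scenario_ok(void)
{
    wd_ptr a = wd_malloc(8);
    enum wd_status s = wd_check(wd_add(a, 7), 1);
    wd_free(a);
    return s;
}

int main(void)
{
    printf("stale pointer: %d (use-after-free is %d)\n", wd_scenario_stale_pointer(), WD_USE_AFTER_FREE);
    printf("overflow:      %d (out-of-bounds is %d)\n", wd_scenario_overflow(), WD_OUT_OF_BOUNDS);
    printf("in bounds:     %d (ok is %d)\n", wd_scenario_ok(), WD_OK);
    return 0;
}
```

The point of scenario 1 is the property the abstract singles out: because identifiers are never reused, a check keyed on the identifier rather than on the address catches a stale pointer even after the freed block has been reallocated, which an address-based "is this region live" check cannot do. Scenario 2 shows the bounds extension layered on the same metadata, so a single check covers both temporal and spatial errors.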


Published In

ISCA '12: Proceedings of the 39th Annual International Symposium on Computer Architecture, June 2012, 584 pages, ISBN 9781450316422.
ACM SIGARCH Computer Architecture News, Volume 40, Issue 3 (ISCA '12), June 2012, 559 pages, ISSN 0163-5964, DOI 10.1145/2366231.

Publisher

IEEE Computer Society, United States
Conference

ISCA '12
ISCA '12 Paper Acceptance Rate: 47 of 262 submissions, 18%
Overall Acceptance Rate: 543 of 3,203 submissions, 17%

Cited By

• (2023) Fat Pointers for Temporal Memory Safety of C. Proceedings of the ACM on Programming Languages 7(OOPSLA1):316-347. DOI 10.1145/3586038. Online publication date: 6-Apr-2023.
• (2019) Preventing zero-day exploits of memory vulnerabilities with guard lines. Proceedings of the 9th Workshop on Software Security, Protection, and Reverse Engineering, pages 1-11. DOI 10.1145/3371307.3371311. Online publication date: 9-Dec-2019.
• (2019) Position Paper. Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy, pages 1-8. DOI 10.1145/3337167.3337171. Online publication date: 23-Jun-2019.
• (2019) SHAKTI-MS: a RISC-V processor for memory safety in C. Proceedings of the 20th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems, pages 19-32. DOI 10.1145/3316482.3326356. Online publication date: 23-Jun-2019.
• (2019) Bouncer. Proceedings of the 46th International Symposium on Computer Architecture, pages 711-722. DOI 10.1145/3307650.3322256. Online publication date: 22-Jun-2019.
• (2019) BOGO. Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 631-644. DOI 10.1145/3297858.3304017. Online publication date: 4-Apr-2019.
• (2019) Detecting memory errors at runtime with source-level instrumentation. Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 341-351. DOI 10.1145/3293882.3330581. Online publication date: 10-Jul-2019.
• (2018) A Robust and Efficient Defense against Use-after-Free Exploits via Concurrent Pointer Sweeping. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pages 1635-1648. DOI 10.1145/3243734.3243826. Online publication date: 15-Oct-2018.
• (2018) CUP. Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pages 381-392. DOI 10.1145/3196494.3196540. Online publication date: 29-May-2018.
• (2018) Runtime verification of memory safety via source transformation. Proceedings of the 40th International Conference on Software Engineering: Companion Proceedings, pages 264-265. DOI 10.1145/3183440.3194962. Online publication date: 27-May-2018.
