
Intel MPX Explained: A Cross-layer Analysis of the Intel MPX System Stack

Published: 13 June 2018

Abstract

    Memory-safety violations are the primary cause of security and reliability issues in software systems written in unsafe languages. Given the limited adoption of decades-long research in software-based memory safety approaches, as an alternative, Intel released Memory Protection Extensions (MPX), a hardware-assisted technique to achieve memory safety. In this work, we perform an exhaustive study of the Intel MPX architecture along three dimensions: (a) performance overheads, (b) security guarantees, and (c) usability issues. We present the first detailed root cause analysis of problems in the Intel MPX architecture through a cross-layer dissection of the entire system stack, involving the hardware, operating system, compilers, and applications. To put our findings into perspective, we also present an in-depth comparison of Intel MPX with three prominent types of software-based memory safety approaches. Lastly, based on our investigation, we propose directions for potential changes to the Intel MPX architecture to aid the design space exploration of future hardware extensions for memory safety.



      Published In

      Proceedings of the ACM on Measurement and Analysis of Computing Systems, Volume 2, Issue 2
      June 2018
      370 pages
      EISSN: 2476-1249
      DOI: 10.1145/3232754
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Published in POMACS Volume 2, Issue 2


      Author Tags

      1. intel mpx
      2. isa extensions
      3. memory safety
