Low-fat pointers: compact encoding and efficient gate-level implementation of fat pointers for spatial safety and capability-based security
Albert Kwon, Udit Dhawan, Jonathan M. Smith, Thomas F. Knight, André DeHon
- pp 721-732
TLDR
To achieve the safety of fat pointers without increasing program state, this work compactly encodes approximate base and bound pointers along with exact address pointers for a 46b address space into one 64-bit word with a worst-case memory overhead of 3%.
Abstract:
Referencing outside the bounds of an array or buffer is a common source of bugs and security vulnerabilities in today's software. We can enforce spatial safety and eliminate these violations by inseparably associating bounds with every pointer (fat pointer) and checking these bounds on every memory access. By further adding hardware-managed tags to the pointer, we make them unforgeable. This, in turn, allows the pointers to be used as capabilities to facilitate fine-grained access control and fast security domain crossing. Dedicated checking hardware runs in parallel with the processor's normal datapath so that the checks do not slow down processor operation (0% runtime overhead). To achieve the safety of fat pointers without increasing program state, we compactly encode approximate base and bound pointers along with exact address pointers for a 46b address space into one 64-bit word with a worst-case memory overhead of 3%. We develop gate-level implementations of the logic for updating and validating these compact fat pointers and show that the hardware requirements are low and the critical paths for common operations are smaller than processor ALU operations. Specifically, we show that the fat-pointer check and update operations can run in a 4 ns clock cycle on a Virtex 6 (40nm) implementation while only using 1100 6-LUTs or about the area of a double-precision, floating-point adder.
Citations
Proceedings ArticleDOI
Khaos: The Impact of Inter-procedural Code Obfuscation on Binary Diffing Techniques
Peihua Zhang, Chenggang Wu, Ming-Hong Peng, Kai Zeng, Ding Yu, Yuan-Chen Lai, Yan Kang, Wei Wang, Zhe Wang
TL;DR: Khaos as mentioned in this paper proposes a new inter-procedural code obfuscation mechanism, which moves the code across functions to obfuscate the function by using compilation optimizations, which can achieve more accurate function matching and identification by extracting the features within the function.
Journal ArticleDOI
Exploring effective uses of the tagged memory for reducing bounds checking overheads
Jiwon Seo, Inyoung Bang, Yung-Suk Cho, Jangseop Shin, Dong Ryeol Hwang, Donghyun Kwon, Yeongpil Cho, Yunheung Paek
Proceedings Article
TAILCHECK: A Lightweight Heap Overflow Detection Mechanism with Page Protection and Tagged Pointers
Michael Ferdman, Dongyoon Lee
TL;DR: TAILCHECK as mentioned in this paper leverages page protection and pointer tagging to detect heap overflow vulnerabilities in C and C++ programs, where the distance from an object to its TailObject is stored in the unused high-order bits of the object pointer.
Patent
Peripheral based memory safety scheme for multi-core platforms
TL;DR: In this paper, a computing system using low-fat pointers, including a memory configured to be accessed by low-fat pointers; a processing core configured to access the memory; an interrupt controller configured to receive interrupts and to communicate interrupts to processes running on the processing core.
Posted Content
SMA: Eliminate Memory Spatial Errors via Saturation Memory Access.
TL;DR: The Saturation Memory Access (SMA), a memory spatial error elimination tool that prevents out-of-bound access without terminating the execution of a program, is proposed and implemented on LLVM 4.0.1 with two pointer encoding schemes designed for different tradeoff decisions between performance and memory usage.
References
Journal ArticleDOI
The gem5 simulator
Nathan Binkert, Bradford M. Beckmann, Gabriel Black, Steven K. Reinhardt, Ali G. Saidi, Arkaprava Basu, Joel Hestness, Derek R. Hower, Tushar Krishna, Somayeh Sardashti, Rathijit Sen, Korey Sewell, Muhammad Shoaib, Nilay Vaish, Mark D. Hill, Darien Wood
TL;DR: The high level of collaboration on the gem5 project, combined with the previous success of the component parts and a liberal BSD-like license, make gem5 a valuable full-system simulation tool.
Journal ArticleDOI
SPEC CPU2006 benchmark descriptions
TL;DR: On August 24, 2006, the Standard Performance Evaluation Corporation (SPEC) announced CPU2006, which replaces CPU2000, and the SPEC CPU benchmarks are widely used in both industry and academia.
Proceedings Article
Cyclone: A Safe Dialect of C
TL;DR: This paper examines safety violations enabled by C's design, and shows how Cyclone avoids them, without giving up C's hallmark control over low-level details such as data representation and memory management.
Journal ArticleDOI
Programming semantics for multiprogrammed computations
Jack B. Dennis, Earl C. Van Horn
TL;DR: The semantics are defined for a number of meta-instructions which perform operations essential to the writing of programs in multiprogrammed computer systems.