Proceedings Article

WatchdogLite: Hardware-Accelerated Compiler-Based Pointer Checking

TLDR
This paper proposes WatchdogLite, an ISA extension that provides hardware acceleration for a compiler implementation of pointer-based checking, which attains performance similar to prior hardware-intensive approaches without adding any hardware structures for tracking metadata.
Abstract
Lack of memory safety in C is the root cause of a multitude of serious bugs and security vulnerabilities. Numerous software-only and hardware-based schemes have been proposed to enforce memory safety. Among these approaches, pointer-based checking, which maintains per-pointer metadata in a disjoint metadata space, has been recognized as providing comprehensive memory safety. Software approaches for pointer-based checking have high performance overheads. In contrast, hardware approaches introduce a myriad of hardware structures and widgets to mitigate those performance overheads. This paper proposes WatchdogLite, an ISA extension that provides hardware acceleration for a compiler implementation of pointer-based checking. This division of labor between the compiler and the hardware allows for hardware acceleration while using only preexisting architectural registers. By leveraging the compiler to identify pointers, perform check elimination, and insert the new instructions, this approach attains performance similar to prior hardware-intensive approaches without adding any hardware structures for tracking metadata.


Citations
Proceedings Article

Bringing the web up to speed with WebAssembly

TL;DR: The motivation, design and formal semantics of WebAssembly are described, some preliminary experience with implementations is provided, and it is described how WebAssembly is an abstraction over modern hardware, making it language-, hardware-, and platform-independent, with use cases beyond just the Web.
Proceedings Article

SoK: Sanitizing for Security

TL;DR: This work provides a systematic overview of sanitizers with an emphasis on their role in finding security issues, taxonomizes the available tools and the security vulnerabilities they cover, describes their performance and compatibility properties, and highlights various trade-offs.
Proceedings Article

HDFI: Hardware-Assisted Data-Flow Isolation

TL;DR: This paper presents hardware-assisted data-flow isolation, or HDFI, a new fine-grained data isolation mechanism that is broadly applicable and very efficient, and enforces isolation at the machine word granularity.
Journal Article

Security Vulnerabilities, Attacks, Countermeasures, and Regulations of Networked Medical Devices—A Review

TL;DR: Security vulnerabilities present in state-of-the-art medical devices are studied by examining security tests and the attacks demonstrated by researchers on more than a hundred devices, to give researchers an overview of loopholes present in medical devices and existing countermeasures.
Proceedings Article

Architectural Support for Software-Defined Metadata Processing

TL;DR: This work generalizes prior work on hardware tagging by considering a generic architecture that supports software-defined policies over metadata of arbitrary size and complexity and introduces several novel microarchitectural optimizations that keep the overhead of this rich processing low.
References
Proceedings Article

Valgrind: a framework for heavyweight dynamic binary instrumentation

TL;DR: Valgrind, a DBI framework designed for building heavyweight DBA tools, is described; it can be used to build more interesting, heavyweight tools that are difficult or impossible to build with other DBI frameworks such as Pin and DynamoRIO.
Proceedings Article

AddressSanitizer: a fast address sanity checker

TL;DR: The paper presents AddressSanitizer, a new memory error detector that achieves efficiency without sacrificing comprehensiveness, and has found over 300 previously unknown bugs in the Chromium browser and many bugs in other software.
Proceedings Article

Countering code-injection attacks with instruction-set randomization

TL;DR: A new, general approach for safeguarding systems against any type of code-injection attack is presented: creating process-specific randomized instruction sets of the system executing potentially vulnerable software, which can serve as a low-overhead protection mechanism and can easily complement other mechanisms.
Proceedings Article

SoK: Eternal War in Memory

TL;DR: The current knowledge about various protection techniques is systematized by setting up a general model for memory corruption attacks, and it is shown what policies can stop which attacks, in order to analyze the reasons why protection mechanisms implementing stricter policies are not deployed.
Proceedings Article

SoftBound: highly compatible and complete spatial memory safety for C

TL;DR: Inspired by HardBound, a previously proposed hardware-assisted approach, SoftBound similarly records base and bound information for every pointer as disjoint metadata, which enables SoftBound to provide spatial safety without requiring changes to C source code.