The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.03 - May-June (2013 vol.33)
pp: 38-47
Santosh Nagarakatte , Rutgers University
Milo M.K. Martin , University of Pennsylvania
Steve Zdancewic , University of Pennsylvania
ABSTRACT
The lack of memory safety in languages such as C and C++ is a root source of exploitable security vulnerabilities. This article presents Watchdog, a hardware approach that eliminates such vulnerabilities by enforcing comprehensive memory safety. Inspired by prior software-only mechanisms, Watchdog maintains bounds and identifier metadata with pointers, propagates them on pointer operations, and checks them on pointer dereferences. Checking this bounds and identifier metadata provides both precise, byte-granularity buffer-overflow protection and protection from use-after-free errors, even in the presence of reallocations. Watchdog stores pointer metadata in a disjoint shadow space to provide comprehensive protection and ensure compatibility with existing code. To streamline implementation and reduce runtime overhead, Watchdog uses micro-operations to implement metadata access and checking, eliminates metadata copies via a register renaming scheme, and uses a dedicated identifier cache to reduce checking overhead.
INDEX TERMS
Computer architecture, Computer languages, Memory management, Computer security, Instruction set design, Program processors, instruction set design, watchdog, hardware support for security, microarchitecture, processor architectures, hardware/software interfaces
CITATION
Santosh Nagarakatte, Milo M.K. Martin, Steve Zdancewic, "Hardware-Enforced Comprehensive Memory Safety", IEEE Micro, vol.33, no. 3, pp. 38-47, May-June 2013, doi:10.1109/MM.2013.26
REFERENCES
1. J. Pincus and B. Baker, "Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns," IEEE Security & Privacy, 2004, vol. 2, no. 4, pp. 20-27.
2. P. Porras, H. Saidi, and V. Yegneswaran, An Analysis of Conficker's Logic and Rendezvous Points, tech. report, SRI Int'l, Feb. 2009.
3. J. Devietti et al, "HardbounD: Architectural Support for Spatial Safety of the C Programming Language," Proc. 13th Int'l Conf. Architectural Support for Programming Languages and Operating Systems, ACM, 2008, pp. 103-114.
4. S. Nagarakatte, M.M.K. Martin, and S. Zdancewic, "Watchdog: Hardware for Safe and Secure Manual Memory Management and Full Memory Safety," Proc. 39th Ann. Int'l Symp. Computer Architecture, ACM, 2012, pp. 189-200.
5. S. Nagarakatte et al, "SoftBounD: Highly Compatible and Complete Spatial Memory Safety for C," Proc. SIGPLAN Conf. Programming Language Design and Implementation, ACM, 2009, pp. 245-258.
6. S. Nagarakatte et al, "CETS: Compiler Enforced Temporal Safety for C," Proc. Int'l Symp. Memory Management, ACM, 2010, pp. 31-40.
7. T.M. Austin, S.E. Breach, and G.S. Sohi, "Efficient Detection of All Pointer and Array Access Errors," Proc. SIGPLAN Conf. Programming Language Design and Implementation, ACM, 1994, pp. 290-301.
8. W. Chuang, S. Narayanasamy, and B. Calder, "Accelerating Meta Data Checks for Software Correctness and Security," J. Instruction-Level Parallelism, June 2007, pp. 1-26.
9. T. Jim et al, "Cyclone: A Safe Dialect of C," Proc. USENIX Ann. Technical Conf., USENIX Assoc., 2002, pp. 275-288.
10. G.C. Necula et al, "CCureD: Type-Safe Retrofitting of Legacy Software," ACM Trans. Programming Languages and Systems, May 2005, pp. 477-526.
11. H. Patil and C.N. Fischer, "Low-Cost, Concurrent Checking of Pointer and Array Accesses in C Programs," Software—Practice & Experience, vol. 27, no. 1, 1997, pp. 87-110.
12. W. Xu, D.C. DuVarney, and R. Sekar, "An Efficient and Backwards-Compatible Transformation to Ensure Memory Safety of C Programs," Proc. 12th ACM SIGSOFT Int'l Symp. Foundations of Software Eng., ACM, 2004, pp. 117-126.
13. K. Ganesh, "Pointer Checker: Easily Catch Out-of-Bounds Memory Accesses," Intel, 2012, http://software.intel.com/sites/products/ parallelmag/singlearticles/issue117080_2_IN_ParallelMag_Issue11_Pointer_Checker.pdf.
14. M.L. Corliss, E.C. Lewis, and A. Roth, "DISE: A Programmable Macro Engine for Customizing Applications," Proc. 30th Ann. Int'l Symp. Computer Architecture, ACM, 2003, pp. 362-373.
15. V. Petric, T. Sha, and A. Roth, "RENO: A Rename-Based Instruction Optimizer," Proc. 32nd Ann. Int'l Symp. Computer Architecture, IEEE, 2005, pp. 216-225.
16. S. Nagarakatte, "Practical Low-Overhead Enforcement of Memory Safety for C Programs," doctoral thesis, Computer and Information Sciences Dept., Univ. of Pennsylvania, 2012.
20 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool