Issue No. 03 - May-June (2013 vol. 33)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MM.2013.26
Steve Zdancewic , University of Pennsylvania
Milo M.K. Martin , University of Pennsylvania
Santosh Nagarakatte , Rutgers University
The lack of memory safety in languages such as C and C++ is a root source of exploitable security vulnerabilities. This article presents Watchdog, a hardware approach that eliminates such vulnerabilities by enforcing comprehensive memory safety. Inspired by prior software-only mechanisms, Watchdog maintains bounds and identifier metadata with pointers, propagates them on pointer operations, and checks them on pointer dereferences. Checking this bounds and identifier metadata provides both precise, byte-granularity buffer-overflow protection and protection from use-after-free errors, even in the presence of reallocations. Watchdog stores pointer metadata in a disjoint shadow space to provide comprehensive protection and ensure compatibility with existing code. To streamline implementation and reduce runtime overhead, Watchdog uses micro-operations to implement metadata access and checking, eliminates metadata copies via a register renaming scheme, and uses a dedicated identifier cache to reduce checking overhead.
Computer architecture, Computer languages, Memory management, Computer security, Instruction set design, Program processors, instruction set design, watchdog, hardware support for security, microarchitecture, processor architectures, hardware/software interfaces
Steve Zdancewic, Milo M.K. Martin, Santosh Nagarakatte, "Hardware-Enforced Comprehensive Memory Safety", IEEE Micro, vol. 33, no. , pp. 38-47, May-June 2013, doi:10.1109/MM.2013.26