CGuard: Efficient Spatial Safety for C

by   Piyus Kedia, et al.

Spatial safety violations are the root cause of many security attacks and unexpected behavior of applications. Existing techniques to enforce spatial safety work broadly at either object or pointer granularity. Object-based approaches tend to incur high CPU overheads, whereas pointer-based approaches incur both high CPU and memory overheads. SGXBounds, an object-based approach, is so far the most efficient technique that provides complete out-of-bounds protection for objects. However, a major drawback of this approach is that it can't support address space larger than 32-bit. In this paper, we present CGuard, a tool that provides object-bounds protection for C applications with comparable overheads to SGXBounds without restricting the application address space. CGuard stores the bounds information just before the base address of an object and encodes the relative offset of the base address in the spare bits of the virtual address available in x86_64 architecture. For an object that can't fit in the spare bits, CGuard uses a custom memory layout that enables it to find the base address of the object in just one memory access. Our study revealed spatial safety violations in the gcc and x264 benchmarks from the SPEC CPU2017 benchmark suite and the string_match benchmark from the Phoenix benchmark suite. The execution time overheads for the SPEC CPU2017 and Phoenix benchmark suites were 42 whereas the reduction in the throughput for the Apache webserver when the CPUs were fully saturated was 30 effective while maintaining a reasonable degree of efficiency.


FRAMER: A Cache-friendly Software-based Capability Model

Fine-grained memory protection for C and C++ programs must track individ...

L4 Pointer: An efficient pointer extension for spatial memory safety support without hardware extension

Since buffer overflow has long been a frequently occurring, high-risk vu...

SPAM: Stateless Permutation of Application Memory

In this paper, we propose the Stateless Permutation of Application Memor...

CHOP: Bypassing Runtime Bounds Checking Through Convex Hull OPtimization

Unsafe memory accesses in programs written using popular programming lan...

PTAuth: Temporal Memory Safety via Robust Points-to Authentication

Temporal memory corruptions are commonly exploited software vulnerabilit...

Color My World: Deterministic Tagging for Memory Safety

Hardware-assisted memory protection features are increasingly being depl...

Memory Tagging and how it improves C/C++ memory safety

Memory safety in C and C++ remains largely unresolved. A technique usual...

Please sign up or login with your details

Forgot password? Click here to reset