Practical Byte-Granular Memory Blacklisting using Califorms

by   Hiroshi Sasaki, et al.

Recent rapid strides in memory safety tools and hardware have improved software quality and security. While coarse-grained memory safety has improved, achieving memory safety at the granularity of individual objects remains a challenge due to high performance overheads which can be between 1.7x-2.2x. In this paper, we present a novel idea called Califorms, and associated program observations, to obtain a low overhead security solution for practical, byte-granular memory safety. The idea we build on is called memory blacklisting, which prohibits a program from accessing certain memory regions based on program semantics. State of the art hardware-supported memory blacklisting while much faster than software blacklisting creates memory fragmentation (of the order of few bytes) for each use of the blacklisted location. In this paper, we observe that metadata used for blacklisting can be stored in dead spaces in a program's data memory and that this metadata can be integrated into microarchitecture by changing the cache line format. Using these observations, Califorms based system proposed in this paper reduces the performance overheads of memory safety to 1.02x-1.16x while providing byte-granular protection and maintaining very low hardware overheads. The low overhead offered by Califorms enables always on, memory safety for small and large objects alike, and the fundamental idea of storing metadata in empty spaces, and microarchitecture can be used for other security and performance applications.


page 1

page 2

page 3

page 4


FRAMER: A Cache-friendly Software-based Capability Model

Fine-grained memory protection for C and C++ programs must track individ...

Fat Pointers for Temporal Memory Safety of C

Temporal memory safety bugs, especially use-after-free and double free b...

PTAuth: Temporal Memory Safety via Robust Points-to Authentication

Temporal memory corruptions are commonly exploited software vulnerabilit...

Fast Fuzzing for Memory Errors

Greybox fuzzing is a proven effective testing method for the detection o...

CRAM: Efficient Hardware-Based Memory Compression for Bandwidth Enhancement

This paper investigates hardware-based memory compression designs to inc...

On the Cost of Concurrency in Hybrid Transactional Memory

State-of-the-art software transactional memory (STM) implementations ach...

Memory Tagging and how it improves C/C++ memory safety

Memory safety in C and C++ remains largely unresolved. A technique usual...

Please sign up or login with your details

Forgot password? Click here to reset