Projects per year
Abstract
C/C++ memory safety issues, such as out-of-bounds errors, are still prevalent in today's applications. The presence of a single exploitable software bug allows an adversary to gain unauthorized memory access and ultimately compromise the entire system. Typically, memory safety schemes only achieve widespread adoption if they provide lightweight and practical security. Thus, hardware support is indispensable. However, countermeasures often restrict unauthorized access to data using heavyweight protection mechanisms that extensively reshape the processor's microarchitecture and break legacy compatibility.
This paper presents cryptographically sealed pointers, a novel approach for memory safety based on message authentication codes (MACs) and object-granular metadata that is efficiently scaled and stored in tagged memory. The MAC cryptographically binds the object's bounds and liveness information, represented by the corresponding address range and memory tag, to the pointer. Through recent low-latency block cipher designs, we are able to authenticate sealed pointers on every memory access, cryptographically enforcing temporal and spatial memory safety. Our lightweight ISA extension only requires minimal hardware changes while maintaining binary compatibility. We systematically analyze the security and efficacy of our design using the NIST Juliet C/C++ test suite. The simulated performance overhead of our prototype implementation showcases competitive results for the SPEC CPU2017 benchmark suite with an average overhead of just 1.3 % and 9.5 % for the performance and efficiency modes, respectively.
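The per-access check that the abstract describes, as an added illustrative model in Python rather than the paper's design or code: a truncated HMAC over the object's address range and memory tag stands in for the low-latency block-cipher MAC, and the tag width, granule size and the way bounds travel with the pointer are assumptions. It shows how an out-of-bounds access, a pointer with forged bounds and a use after free each fail a different check.

```python
import hashlib
import hmac
import os

# Illustrative model only: HMAC-SHA256 truncated to 32 bits stands in for the
# paper's low-latency block-cipher MAC; tag width and granule size are assumed.
GRANULE = 16                 # bytes covered by one memory tag (assumed)
TAG_BITS = 4                 # tag width (assumed); tag 0 marks freed memory
KEY = os.urandom(16)         # sealing key, held by hardware in a real design

tag_mem = {}                 # granule address -> tag, models tagged memory
_next_tag = [1]

def seal_mac(base, size, tag):
    """MAC over the object's address range and memory tag: the pointer's seal."""
    msg = base.to_bytes(8, "little") + size.to_bytes(8, "little") + bytes([tag])
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:4]

def alloc(base, size):
    """Allocate an object: tag its granules and return a sealed pointer to it."""
    tag = _next_tag[0]
    _next_tag[0] = _next_tag[0] % (2 ** TAG_BITS - 1) + 1   # cycles through 1..15
    for g in range(base, base + size, GRANULE):
        tag_mem[g] = tag
    return {"addr": base, "base": base, "size": size, "tag": tag,
            "mac": seal_mac(base, size, tag)}

def free(p):
    """Free: retag the object's granules so stale sealed pointers no longer match."""
    for g in range(p["base"], p["base"] + p["size"], GRANULE):
        tag_mem[g] = 0

def offset(p, n):
    """Pointer arithmetic moves the address but carries the seal along unchanged."""
    return {**p, "addr": p["addr"] + n}

def access(p, width=1):
    """Check performed on every memory access; returns 'ok' or the fault kind."""
    if not hmac.compare_digest(p["mac"], seal_mac(p["base"], p["size"], p["tag"])):
        return "seal"      # metadata carried by the pointer was forged or corrupted
    if not (p["base"] <= p["addr"] and p["addr"] + width <= p["base"] + p["size"]):
        return "bounds"    # spatial violation
    granule = p["addr"] - p["addr"] % GRANULE
    if tag_mem.get(granule) != p["tag"]:
        return "tag"       # temporal violation: object freed or never allocated
    return "ok"

def demo():
    """Constructed scenario: one 32-byte object at address 0x1000."""
    p = alloc(0x1000, 32)
    results = [access(p), access(offset(p, 31)), access(offset(p, 32)),
               access({**p, "size": 4096})]        # tampered bounds, stale MAC
    free(p)
    results.append(access(p))                      # use after free
    return results
```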
Original language | English |
---|---|
Title | CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security |
Publisher | Association for Computing Machinery |
Pages | 889-903 |
Number of pages | 15 |
ISBN (electronic) | 9798400700507 |
DOIs | |
Publication status | Published - 15 Nov 2023 |
Event | 30th ACM Conference on Computer and Communications Security: CCS 2023 - Copenhagen, Denmark. Duration: 26 Nov 2023 → 30 Nov 2023 |
Publication series
Name | CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security |
---|
Conference
Conference | 30th ACM Conference on Computer and Communications Security |
---|---|
Country/Territory | Denmark |
City | Copenhagen |
Period | 26/11/23 → 30/11/23 |
ASJC Scopus subject areas
- Software
- Hardware and Architecture
Fingerprint
Explore the research topics of "Cryptographically Enforced Memory Safety". Together they form a unique fingerprint.
- AWARE - Hardware-assured software security
  Mangard, S. (Participant (Co-Investigator))
  1/05/22 → 30/04/25
  Project: Research project
- SEIZE - Secure edge devices for industrial zero-trust environments
  Mangard, S. (Participant (Co-Investigator))
  1/01/22 → 31/12/24
  Project: Research project