Cryptographically Enforced Memory Safety

Martin Unterguggenberger*, David Schrammel, Lukas Lamster, Pascal Nasahl, Stefan Mangard

*Corresponding author for this work

Publication: Contribution to book/report/conference proceedings - Conference contribution - Peer-reviewed

Abstract

C/C++ memory safety issues, such as out-of-bounds errors, are still prevalent in today's applications. The presence of a single exploitable software bug allows an adversary to gain unauthorized memory access and ultimately compromise the entire system. Typically, memory safety schemes only achieve widespread adoption if they provide lightweight and practical security. Thus, hardware support is indispensable. However, countermeasures often restrict unauthorized access to data using heavyweight protection mechanisms that extensively reshape the processor's microarchitecture and break legacy compatibility.

This paper presents cryptographically sealed pointers, a novel approach for memory safety based on message authentication codes (MACs) and object-granular metadata that is efficiently scaled and stored in tagged memory. The MAC cryptographically binds the object's bounds and liveness information, represented by the corresponding address range and memory tag, to the pointer. Through recent low-latency block cipher designs, we are able to authenticate sealed pointers on every memory access, cryptographically enforcing temporal and spatial memory safety. Our lightweight ISA extension only requires minimal hardware changes while maintaining binary compatibility. We systematically analyze the security and efficacy of our design using the NIST Juliet C/C++ test suite. The simulated performance overhead of our prototype implementation showcases competitive results for the SPEC CPU2017 benchmark suite with an average overhead of just 1.3 % and 9.5 % for the performance and efficiency modes, respectively.
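To make the abstract's mechanism concrete, the following toy simulator is an added example and not the paper's design or code. It models a sealed pointer as a record carrying the object's bounds and memory tag plus a MAC over them, and checks three things on every load or store: the MAC authenticates the metadata, the address lies within the bounds (spatial safety), and the tag stored in memory still matches the pointer's tag (temporal safety, since `free` retags the granules). It substitutes HMAC-SHA256 for the paper's low-latency block cipher and carries metadata in explicit fields rather than in pointer bits; the granule size, tag width and MAC truncation are assumptions chosen for the demo.

```python
"""Toy model of MAC-sealed pointers over tagged memory (added example, not the paper's code)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

GRANULE = 16    # bytes per memory tag (assumed)
MAC_BYTES = 4   # truncated MAC carried with the pointer (assumed)
TAG_BITS = 4    # 16 possible tags per granule (assumed)


@dataclass(frozen=True)
class SealedPointer:
    addr: int    # current address; pointer arithmetic changes only this field
    base: int    # object bounds, bound to the pointer by the MAC
    size: int
    tag: int     # memory tag the object carried when the pointer was issued
    mac: bytes   # MAC over (base, size, tag) under the process key


class MemorySafetyViolation(Exception):
    pass


class TaggedMemory:
    def __init__(self, size, key=None):
        self.data = bytearray(size)
        self.tags = [0] * ((size + GRANULE - 1) // GRANULE)
        self.key = key if key is not None else os.urandom(16)  # per-process secret
        self._next_free = 0

    def _mac(self, base, size, tag):
        msg = base.to_bytes(8, "little") + size.to_bytes(8, "little") + bytes([tag])
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:MAC_BYTES]

    def _granules(self, base, size):
        return range(base // GRANULE, (base + size + GRANULE - 1) // GRANULE)

    def alloc(self, size):
        base = self._next_free
        self._next_free += ((size + GRANULE - 1) // GRANULE) * GRANULE
        if self._next_free > len(self.data):
            raise MemoryError("toy heap exhausted")
        # fresh tag, distinct from whatever the granules carried before
        tag = (self.tags[base // GRANULE] + 1) % (1 << TAG_BITS)
        for g in self._granules(base, size):
            self.tags[g] = tag
        return SealedPointer(base, base, size, tag, self._mac(base, size, tag))

    def free(self, p):
        self.check(p)  # only a valid, live pointer may free its object
        for g in self._granules(p.base, p.size):  # retag: outstanding pointers go stale
            self.tags[g] = (self.tags[g] + 1) % (1 << TAG_BITS)

    def check(self, p, width=1):
        # 1. authenticate the metadata bound to the pointer
        if not hmac.compare_digest(p.mac, self._mac(p.base, p.size, p.tag)):
            raise MemorySafetyViolation("pointer authentication failed")
        # 2. spatial: the whole access must fall inside the object's bounds
        if p.addr < p.base or p.addr + width > p.base + p.size:
            raise MemorySafetyViolation("out of bounds")
        # 3. temporal: every touched granule must still carry the pointer's tag
        if any(self.tags[g] != p.tag for g in self._granules(p.addr, width)):
            raise MemorySafetyViolation("stale pointer")

    def load(self, p, width=1):
        self.check(p, width)
        return bytes(self.data[p.addr:p.addr + width])

    def store(self, p, value):
        self.check(p, len(value))
        self.data[p.addr:p.addr + len(value)] = value


def offset(p, n):
    """Pointer arithmetic: the MAC covers bounds and tag, so it stays valid."""
    return SealedPointer(p.addr + n, p.base, p.size, p.tag, p.mac)


def corrupted_bounds(p, new_size):
    """Metadata altered without the key (simulated corruption); the MAC no longer matches."""
    return SealedPointer(p.addr, p.base, new_size, p.tag, p.mac)


def demo():
    """Exercise the four cases and return the outcome of each."""
    mem = TaggedMemory(256, key=b"\x00" * 16)  # fixed key only for reproducibility
    results = {}
    p = mem.alloc(20)
    mem.store(p, b"hello")
    results["in_bounds"] = mem.load(p, 5)
    for name, q, width in (("oob", offset(p, 20), 1), ("corrupt", corrupted_bounds(p, 64), 1)):
        try:
            mem.load(q, width)
            results[name] = "allowed"
        except MemorySafetyViolation as e:
            results[name] = str(e)
    mem.free(p)
    try:
        mem.load(p)
        results["uaf"] = "allowed"
    except MemorySafetyViolation as e:
        results["uaf"] = str(e)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The ordering of the checks matters: authentication runs first so that corrupted bounds or tag fields can never be used to pass the spatial or temporal check, which is the property the abstract's sealing is meant to provide.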
Original language: English
Title: CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
Publisher: Association of Computing Machinery
Pages: 889-903
Number of pages: 15
ISBN (electronic): 9798400700507
DOIs
Publication status: Published - 15 Nov. 2023
Event: 30th ACM Conference on Computer and Communications Security: CCS 2023 - Copenhagen, Denmark
Duration: 26 Nov. 2023 - 30 Nov. 2023

Publication series

Name: CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Conference

Conference: 30th ACM Conference on Computer and Communications Security
Country/Territory: Denmark
City: Copenhagen
Period: 26/11/23 - 30/11/23

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
