Abstract
Memory safety vulnerabilities are a severe threat to modern computer systems, allowing adversaries to leak or modify security-critical data. To protect systems from this attack vector, full memory safety is required. As software-based countermeasures tend to induce significant runtime overheads, which are not acceptable for production code, hardware assistance is needed. Tagged memory architectures, e.g., already offered by the ARM MTE and SPARC ADI extensions, assign meta-information to memory objects, thus allowing memory safety policies to be implemented. However, due to the high tag collision probability caused by the small tag sizes, the protection guarantees of these schemes are limited.
This paper presents Multi-Tag, the first hardware-software co-design utilizing a multi-granular tagging structure that provides strong protection against spatial and temporal memory safety violations. By combining object-granular memory tags with page-granular tags stored in the page table entries, Multi-Tag overcomes the limitation of small tag sizes. Introducing page-granular tags significantly enhances the probabilistic protection capabilities of memory tagging without increasing the memory overhead or the system's complexity. We develop a prototype implementation comprising a gem5 model of the tagged architecture, a Linux kernel extension, and an LLVM-based compiler toolchain. The simulated performance overhead for the SPEC CPU2017 and nbench-byte benchmarks highlights the practicability of our design.
Original language | English |
---|---|
Title | ASIA CCS 2023 - Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security |
Publisher | Association of Computing Machinery |
Pages | 177-189 |
Number of pages | 13 |
ISBN (electronic) | 9798400700989 |
DOIs | |
Publication status | Published - 10 July 2023 |
Event | 2023 ACM ASIA Conference on Computer and Communications Security: ASIA CCS 2023 - Melbourne, Australia Duration: 10 July 2023 → 14 July 2023 Conference number: 2023 |
Publication series
Name | Proceedings of the ACM Conference on Computer and Communications Security |
---|---|
ISSN (Print) | 1543-7221 |
Conference
Conference | 2023 ACM ASIA Conference on Computer and Communications Security |
---|---|
Short title | ASIA CCS 2023 |
Country/Territory | Australia |
Location | Melbourne |
Period | 10/07/23 → 14/07/23 |
ASJC Scopus subject areas
- Software
- Computer Networks and Communications
Fingerprint
Explore the research topics of "Multi-Tag: A Hardware-Software Co-Design for Memory Safety based on Multi-Granular Memory Tagging". Together they form a unique fingerprint.
Projects
- 2 Active
SEIZE - Secure Edge-Geräte für industrielle Zero-Trust Umgebungen
1/01/22 → 31/12/24
Project: Research project