Cryptographic Least Privilege Enforcement for Scalable Memory Isolation

Martin Unterguggenberger*, David Schrammel, Lukas Maar, Lukas Lamster, Vedad Hadzic, Stefan Mangard

*Corresponding author for this work

Publication type: Contribution to a conference proceedings (peer-reviewed)

Abstract

C/C++ computing systems constitute a significant share of our critical software infrastructure and face substantial security risks from memory exploitation. A single memory safety error can potentially lead to the compromise of the entire software system. To efficiently secure C/C++ computing systems without extensive software adaptation, the processor must be able to restrict memory access to individual memory locations, thereby enforcing the principle of least privilege. The integration of lightweight and transparent isolation mechanisms that offer flexible and scalable memory protection is crucial to minimize the attack surface for software attacks.

In this paper, we present cryptographic least privilege enforcement (CLPE), a novel mechanism for scalable memory isolation. Our lightweight ISA extension enforces cryptographic integrity checks for isolation granularities ranging from individual objects to arbitrarily sized protection domains. We achieve this through message authentication codes (MACs) that link pointers to specific access privileges, which in turn restrict access to memory resources. Our approach maintains compatibility with legacy software and only minimally increases the processor's microarchitectural complexity. We provide a formal model of our design, ensuring important properties of our ISA specification, and a hardware model that allows functional and timing-accurate simulation. The simulated performance overhead of our hardware model averages 2.5-7.4 % for the SPEC CPU2017 benchmark suite.
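The following toy model is an added illustration of the general idea the abstract describes (a pointer carrying a MAC that binds it to an access privilege, checked on every use); it is not the CLPE design, hardware model, or code from the paper. The address width, the tag width, the privilege encoding (domain identifier plus R/W/X bits), and the use of HMAC-SHA-256 in place of a short hardware MAC are all assumptions chosen for readability; the sample key and addresses are constructed.

```python
"""Toy software model of MAC-bound pointers.

Added illustration, not the paper's CLPE design.  Assumptions: a 48-bit
address with the MAC held in the 16 unused upper bits, a privilege made of a
domain/object identifier plus R/W/X bits, and HMAC-SHA-256 standing in for
whatever short hardware MAC a real ISA extension would use.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass

ADDR_BITS = 48                    # assumed architectural address width
MAC_BITS = 64 - ADDR_BITS         # assumed: MAC lives in the upper 16 bits
ADDR_MASK = (1 << ADDR_BITS) - 1
MAC_MASK = (1 << MAC_BITS) - 1

PERM_R, PERM_W, PERM_X = 1, 2, 4


@dataclass(frozen=True)
class Privilege:
    """Privilege a pointer is bound to: an isolation domain (a single object
    or a larger protection domain) and the permissions granted within it."""
    domain: int
    perms: int


class AccessFault(Exception):
    """Raised where hardware would trap on a failed MAC or permission check."""


class PointerMacUnit:
    """Models the sign/check operations an ISA extension would expose.
    The key is held by the unit and never handed to software."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def _tag(self, addr: int, priv: Privilege) -> int:
        # MAC over (address, domain, perms): changing any field invalidates it.
        msg = struct.pack("<QQH", addr & ADDR_MASK, priv.domain, priv.perms)
        digest = hmac.new(self._key, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:8], "little") & MAC_MASK

    def sign(self, addr: int, priv: Privilege) -> int:
        """Return a pointer whose upper bits authenticate (addr, priv)."""
        if addr & ~ADDR_MASK:
            raise ValueError("address does not fit below the MAC field")
        return (self._tag(addr, priv) << ADDR_BITS) | addr

    def check(self, ptr: int, priv: Privilege, want: int) -> int:
        """Validate ptr against priv for the requested permissions.
        Returns the plain address on success, raises AccessFault otherwise."""
        addr = ptr & ADDR_MASK
        tag = (ptr >> ADDR_BITS) & MAC_MASK
        expected = self._tag(addr, priv)
        # constant-time comparison of the embedded tag with a fresh computation
        if not hmac.compare_digest(tag.to_bytes(MAC_BITS // 8, "little"),
                                   expected.to_bytes(MAC_BITS // 8, "little")):
            raise AccessFault(f"bad MAC on pointer {ptr:#018x}")
        if (priv.perms & want) != want:
            raise AccessFault(f"privilege {priv} does not grant {want:#x}")
        return addr


def demo() -> dict:
    """Exercise the model; maps each scenario to True (allowed) or False (fault)."""
    unit = PointerMacUnit(key=b"\x11" * 16)                    # constructed sample key
    heap_obj = Privilege(domain=0x2A, perms=PERM_R | PERM_W)   # one heap object
    ro_view = Privilege(domain=0x2A, perms=PERM_R)             # same object, read-only
    other_dom = Privilege(domain=0x2B, perms=PERM_R | PERM_W)  # a different domain

    p = unit.sign(0x7F00_1000, heap_obj)                       # constructed address

    def attempt(ptr: int, priv: Privilege, want: int) -> bool:
        try:
            unit.check(ptr, priv, want)
            return True
        except AccessFault:
            return False

    # Pointer arithmetic past the object keeps the old tag but changes the
    # address, so the tag no longer matches.
    corrupted = p + 0x40
    return {
        "genuine_write": attempt(p, heap_obj, PERM_W),
        "address_overwritten": attempt(corrupted, heap_obj, PERM_R),
        "used_in_other_domain": attempt(p, other_dom, PERM_R),
        "write_via_readonly": attempt(unit.sign(0x7F00_1000, ro_view), ro_view, PERM_W),
    }
```

Two points the model makes visible: the tag is computed over the privilege as well as the address, so the same address carries different tags in different domains or with different permissions, and a truncated tag (16 bits here) leaves a 1-in-65536 guess per attempt, which is why a hardware design pairs the check with a fault on mismatch rather than silently ignoring it. The abstract does not state the tag width or MAC used by CLPE; those are this model's assumptions.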
Original language: English
Title of host publication: IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Publication status: Accepted/In press - 2025
Event: IEEE International Symposium on Hardware Oriented Security and Trust 2025 (HOST 2025), San Jose, USA
Duration: 5 May 2025 to 8 May 2025
http://www.hostsymposium.org/

