Memory Tagging using Cryptographic Integrity on Commodity x86 CPUs

David Schrammel, Martin Unterguggenberger, Lukas Lamster, Salmin Sultana, Karanvir Grewal, Michael LeMay, David Durham, Stefan Mangard

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Memory tagging makes it possible to establish memory safety for software developed in unsafe languages like C/C++. Since it is an effective mechanism with low architectural complexity, ISA extensions, like ARM MTE or SPARC ADI, already integrate memory tagging on the architectural level for commodity computer systems. However, despite being in high demand, memory tagging features are currently absent in modern x86 processors.
This work presents IntegriTag, a hardware-enforced memory tagging solution for existing commodity x86 CPUs. We leverage the Intel® Total Memory Encryption-Multi-Key (Intel® TME-MK) hardware feature that was initially envisioned for virtual machine isolation to instead provide memory tagging capabilities on off-the-shelf x86 processors. Unlike ARM MTE and SPARC ADI, this does not require the integration of a separate tagged memory architecture, which would increase the overall system complexity. Instead, our solution allows us to implicitly enforce the desired security policies by incorporating them into the existing memory encryption integrity checks. In addition, our design addresses security issues that affect tagged memory architectures with small tag spaces. Intel® TME-MK allows for a greater number of key identifier bits, thus offering significantly stronger security compared to the 4-bit tags of ARM MTE and SPARC ADI. We implement a holistic open-source software framework based on Intel® TME-MK, supporting several software-controlled and hardware-enforced memory safety policies. Moreover, we evaluate our design’s performance overhead and security properties, underlining the practicability and efficacy of our approach. Our design is binary-compatible with existing software and provides both temporal and spatial memory safety while imposing an overhead of 32–41%, which is significantly lower than the overheads of memory safety schemes in software on commodity hardware that provide comparable security properties.
Original language: English
Title of host publication: EuroS&P 2024
Subtitle of host publication: 9th IEEE European Symposium on Security and Privacy
Publication status: Accepted/In press - 2024
Event: 9th IEEE European Symposium on Security and Privacy: EuroS&P 2024 - Vienna, Austria
Duration: 8 Jul 2024 to 12 Jul 2024
https://eurosp2024.ieee-security.org/

Conference

Conference: 9th IEEE European Symposium on Security and Privacy
Abbreviated title: EuroS&P 2024
Country/Territory: Austria
City: Vienna
Period: 8/07/24 to 12/07/24