No-FAT: Architectural Support for Low Overhead Memory Safety Checks
- 1 June 2021
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA)
Abstract
Memory safety continues to be a significant software reliability and security problem, and low overhead and low complexity hardware solutions have eluded computer designers. In this paper, we explore a pathway to deployable memory safety defenses. Our technique builds on a recent trend in software: the usage of binning memory allocators. We observe that if memory allocation sizes (e.g., malloc sizes) are made an architectural feature, then it is possible to overcome many of the thorny issues with traditional approaches to memory safety such as compatibility with unsecured software and significant performance degradation. We show that our architecture, No-FAT, incurs an overhead of 8% on SPEC CPU2017 benchmarks, and our VLSI measurements show low power and area overheads. Finally, as No-FAT’s hardware is aware of the memory allocation sizes, it effectively mitigates certain speculative attacks (e.g., Spectre-V1) with no additional cost. When our solution is used for pre-deployment fuzz testing it can improve fuzz testing bandwidth by an order of magnitude compared to state-of-the-art approaches.
This publication has 44 references indexed in Scilit:
- CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization. Published by Institute of Electrical and Electronics Engineers (IEEE), 2015
- Architectural Support for Software-Defined Metadata Processing. Published by Association for Computing Machinery (ACM), 2015
- Low-fat pointers. Published by Association for Computing Machinery (ACM), 2013
- Watchdog. ACM SIGARCH Computer Architecture News, 2012
- Hardbound. Published by Association for Computing Machinery (ACM), 2008
- The geometry of innocent flesh on the bone. Published by Association for Computing Machinery (ACM), 2007
- Comprehensively and efficiently protecting the heap. Published by Association for Computing Machinery (ACM), 2006
- Practical Structure Layout Optimization and Advice. Published by Institute of Electrical and Electronics Engineers (IEEE), 2006
- Hardware support for fast capability-based addressing. ACM SIGPLAN Notices, 1994
- Efficient detection of all pointer and array access errors. Published by Association for Computing Machinery (ACM), 1994