DOI: 10.1145/3433210.3453684
research-article

CrypTag: Thwarting Physical and Logical Memory Vulnerabilities using Cryptographically Colored Memory

Published: 04 June 2021

ABSTRACT

Memory vulnerabilities are a major threat to many computing systems. To effectively thwart spatial and temporal memory vulnerabilities, full logical memory safety is required. However, current mitigation techniques for memory safety are either too expensive or trade security against efficiency. One promising attempt to detect memory safety vulnerabilities in hardware is memory coloring, a security policy deployed on top of tagged memory architectures. However, due to the memory storage and bandwidth overhead of large tags, commodity tagged memory architectures usually only provide small tag sizes, thus limiting their use for security applications.

Irrespective of logical memory safety, physical memory safety is a necessity in the hostile environments that are common for modern cloud computing and IoT devices. Architectures from Intel and AMD already implement transparent memory encryption to maintain confidentiality and integrity of all off-chip data. Surprisingly, the combination of logical and physical memory safety has not yet been extensively studied in previous research, and a naive combination of both security strategies would accumulate both overheads.

In this paper, we propose CrypTag, an efficient hardware/software co-design mitigating a large class of logical memory safety issues and providing full physical memory safety. At its core, CrypTag utilizes a transparent memory encryption engine not only for physical memory safety, but also for memory coloring at hardly any additional costs. The design avoids any overhead for tag storage by embedding memory colors in the upper bits of a pointer and using these bits as an additional input for the memory encryption. A custom compiler extension automatically leverages CrypTag to detect logical memory safety issues for commodity programs and is fully backward compatible.

For evaluating the design, we extended a RISC-V processor that already features memory encryption with CrypTag. Furthermore, we developed an LLVM-based toolchain that automatically protects all dynamic, local, and global data. Our evaluation shows a hardware overhead of less than 1% and an average runtime overhead between 1.5% and 6.1% for thwarting logical memory safety vulnerabilities on a system already featuring memory encryption. Enhancing a system with memory encryption typically induces a runtime overhead between 5% and 109.8% for commercial and open-source encryption units.
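The following C simulation is an added illustration of the mechanism the abstract describes, not code from the CrypTag paper or its authors. It assumes an 8-bit color stored in the top byte of a 64-bit pointer, 8-byte encryption granules over a small flat memory, and a toy keyed mixing function (`mix`) that stands in for the real memory encryption engine; the per-granule authentication tag models the engine's integrity check. The point it shows is that the color never needs separate tag storage: it travels in the pointer and is folded into the encryption tweak, so a load through a pointer whose color does not match the one the data was stored under fails to decrypt and trips the integrity check, for both a spatial (overflow into a neighbour) and a temporal (stale pointer after reuse) violation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions of this simulation (not taken from the paper): 8-bit color in
 * the top byte of the pointer, 64 KiB flat memory, 8-byte granules, and a toy
 * mixer instead of a real block cipher. */
#define COLOR_SHIFT 56
#define ADDR_MASK   ((1ULL << COLOR_SHIFT) - 1)
#define MEM_SIZE    (64 * 1024)
#define GRANULE     8

static const uint64_t KEY = 0x2545F4914F6CDD1DULL;  /* constructed key */

/* Toy keyed mixer (splitmix64-style finaliser). NOT a cipher; it only makes the
 * keystream depend on key, granule address and pointer color. */
static uint64_t mix(uint64_t x) {
    x ^= x >> 30; x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 27; x *= 0x94D049BB133111EBULL;
    x ^= x >> 31;
    return x;
}
/* The color is an extra input to the encryption, alongside the address. */
static uint64_t keystream(uint64_t addr, uint8_t color) {
    return mix(KEY ^ mix(addr) ^ ((uint64_t)color << 56));
}
static uint64_t auth_tag(uint64_t addr, uint8_t color, uint64_t plaintext) {
    return mix(KEY ^ ~mix(addr) ^ plaintext ^ ((uint64_t)color << 48));
}

/* "Off-chip" memory: ciphertext plus an authentication tag per granule.
 * Note that no color is stored here; it lives only in the pointer. */
static uint64_t dram[MEM_SIZE / GRANULE];
static uint64_t tags[MEM_SIZE / GRANULE];

static uint8_t  color_of(uint64_t p) { return (uint8_t)(p >> COLOR_SHIFT); }
static uint64_t addr_of(uint64_t p)  { return p & ADDR_MASK; }

/* Store: encrypt under (granule address, pointer color) and record the tag. */
void mem_store(uint64_t ptr, uint64_t value) {
    uint64_t a = addr_of(ptr); uint8_t c = color_of(ptr);
    dram[a / GRANULE] = value ^ keystream(a, c);
    tags[a / GRANULE] = auth_tag(a, c, value);
}

/* Load: decrypt with the color carried in the pointer. A color mismatch gives
 * a different plaintext, which the tag check rejects (integrity violation). */
bool mem_load(uint64_t ptr, uint64_t *out) {
    uint64_t a = addr_of(ptr); uint8_t c = color_of(ptr);
    uint64_t pt = dram[a / GRANULE] ^ keystream(a, c);
    if (tags[a / GRANULE] != auth_tag(a, c, pt)) return false;
    *out = pt;
    return true;
}

/* Bump allocator handing out a fresh color per allocation (assumption: colors
 * are simply incremented; the paper's color assignment is not shown here). */
static uint64_t next_addr = 0;
static uint8_t  next_color = 1;
uint64_t colored_alloc(size_t bytes) {
    uint64_t a = next_addr;
    next_addr += (bytes + GRANULE - 1) / GRANULE * GRANULE;
    return ((uint64_t)next_color++ << COLOR_SHIFT) | a;
}

/* Spatial violation: reading past buffer A lands in buffer B, which was
 * written under a different color, so the load fails. */
bool demo_overflow_detected(void) {
    uint64_t a = colored_alloc(16), b = colored_alloc(16);
    mem_store(b, 0xDEADBEEFULL);
    uint64_t v;
    return !mem_load(a + 16, &v);
}

/* Temporal violation: the address is reused under a new color, so the stale
 * pointer (old color) can no longer decrypt what is stored there. */
bool demo_uaf_detected(void) {
    uint64_t p = colored_alloc(8);
    mem_store(p, 42);
    next_addr = addr_of(p);            /* "free" and reallocate same address */
    uint64_t q = colored_alloc(8);
    mem_store(q, 7);
    uint64_t v;
    return !mem_load(p, &v);
}

/* Well-formed access: matching color decrypts and authenticates. */
bool demo_valid_access(void) {
    uint64_t p = colored_alloc(8);
    mem_store(p, 1234);
    uint64_t v = 0;
    return mem_load(p, &v) && v == 1234;
}

int main(void) {
    printf("valid access ok: %d\n", demo_valid_access());
    printf("overflow detected: %d\n", demo_overflow_detected());
    printf("use-after-free detected: %d\n", demo_uaf_detected());
    return 0;
}
```

The toy mixer is deliberately not a cipher; a real engine would use a tweakable block cipher or an authenticated encryption mode keyed per granule, with the color entering the tweak. What carries over is the architectural observation: because the color only changes the tweak, the design adds no storage for tags and no extra memory traffic beyond what the encryption engine already incurs.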

Supplemental Material

ASIA-CCS21-fp172c.mp4 (mp4, 430.8 MB)


Published in

ASIA CCS '21: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security
May 2021, 975 pages
ISBN: 9781450382878
DOI: 10.1145/3433210
General Chairs: Jiannong Cao, Man Ho Au
Program Chairs: Zhiqiang Lin, Moti Yung

Copyright © 2021 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

Overall acceptance rate: 418 of 2,322 submissions, 18%
