Published in: The Journal of Supercomputing 1/2023

20.07.2022

Exploring effective uses of the tagged memory for reducing bounds checking overheads

Written by: Jiwon Seo, Inyoung Bang, Yungi Cho, Jangseop Shin, Dongil Hwang, Donghyun Kwon, Yeongpil Cho, Yunheung Paek


Abstract

For spatial memory safety in C/C++ programs, bounds checking (BC) methods have been studied for decades. The practical use of BC has been deferred due to its inherently large performance overhead. Many efforts have been undertaken to reduce this overhead by optimizing metadata management. However, BC's performance is also affected by another subtask, bounds comparison, whose overhead is highly significant. To remedy this issue, we utilize tagged memory (TM), a security architecture that enables efficient sanity checks by matching the tag IDs of pointers against those of their referent objects. We may replace expensive bounds comparisons with lightweight tag matching. However, due to the physical limitations of TM for tag operations, this naive replacement scheme endangers security and even worsens the overhead of BC. Being aware of such downsides, we test a hybrid approach in which we classify memory objects into two groups whose sanity is guaranteed by TM and by bounds comparison, respectively. For this, we perform compiler analysis and runtime profiling to comprehensively consider the performance factors that influence the benefits and adverse effects of using TM. Our results show that as long as TM is carefully orchestrated to work with conventional bounds comparisons, it effectively reduces the overall overhead.
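The trade-off described in the abstract, as an added C model that is not code from the paper: a one-comparison tag match next to a two-comparison bounds check, plus a per-object hybrid switch. The 4-bit tag width and 16-byte granule are assumptions modelled on ARM MTE, and every name here (`object_t`, `tm_check`, `bc_check`, `hybrid_check`) is hypothetical; the paper's own classification relies on compiler analysis and profiling, which this sketch does not reproduce.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed TM parameters (modelled on ARM MTE, not taken from the page). */
#define TAG_BITS 4
#define GRANULE  16
#define MEM_SIZE 256

static uint8_t mem_tags[MEM_SIZE / GRANULE];   /* one tag per granule */

typedef struct {
    size_t  base, size;   /* bounds metadata used by conventional BC */
    uint8_t tag;          /* tag ID carried by the pointer under TM */
    int     use_tm;       /* hybrid class: 1 = checked by TM, 0 = by BC */
} object_t;

/* Allocate: colour every granule the object touches with its tag.
 * Object IDs wrap modulo 2^TAG_BITS, so tags are reused once exhausted. */
static object_t make_object(size_t base, size_t size, unsigned id, int use_tm) {
    object_t o = { base, size, (uint8_t)(id & ((1u << TAG_BITS) - 1)), use_tm };
    for (size_t g = base / GRANULE; g <= (base + size - 1) / GRANULE; g++)
        mem_tags[g] = o.tag;
    return o;
}

/* TM check: a single equality test between pointer tag and memory tag. */
static int tm_check(const object_t *o, size_t addr) {
    return addr < MEM_SIZE && mem_tags[addr / GRANULE] == o->tag;
}

/* Conventional check: two comparisons against base and bound. */
static int bc_check(const object_t *o, size_t addr) {
    return addr >= o->base && addr < o->base + o->size;
}

/* Hybrid policy: each object is checked by the group it was assigned to. */
static int hybrid_check(const object_t *o, size_t addr) {
    return o->use_tm ? tm_check(o, addr) : bc_check(o, addr);
}

int main(void) {
    /* Constructed layout for illustration. */
    object_t a = make_object(0, 20, 1, 1);    /* bytes 0..19, granules 0-1 */
    object_t b = make_object(32, 16, 2, 1);   /* neighbour with a distinct tag */
    object_t c = make_object(48, 16, 17, 1);  /* 17 mod 16 == 1: reuses a's tag */
    (void)b; (void)c;
    size_t probes[] = { 10, 24, 32, 48 };
    for (size_t i = 0; i < 4; i++)
        printf("a -> %2zu: TM=%d BC=%d\n", probes[i],
               tm_check(&a, probes[i]), bc_check(&a, probes[i]));
    a.use_tm = 0;   /* reclassify a into the bounds-comparison group */
    printf("hybrid a -> 48: %d\n", hybrid_check(&a, 48));
    return 0;
}
```

Offsets 24 and 48 are the two cases in which the tag match accepts an access that the bounds comparison rejects: padding inside the last granule, and a distant object that received the same tag.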

Footnotes
1
No real ARM processor officially offered TM at the time of writing.
 
Metadata
Title
Exploring effective uses of the tagged memory for reducing bounds checking overheads
Written by
Jiwon Seo
Inyoung Bang
Yungi Cho
Jangseop Shin
Dongil Hwang
Donghyun Kwon
Yeongpil Cho
Yunheung Paek
Publication date
20.07.2022
Publisher
Springer US
Published in
The Journal of Supercomputing / Issue 1/2023
Print ISSN: 0920-8542
Electronic ISSN: 1573-0484
DOI
https://doi.org/10.1007/s11227-022-04694-y
