Practical byte-granular memory blacklisting using califorms

Hiroshi Sasaki; Miguel A. Arroyo; M. Tarek Ibn Ziad; Koustubha Bhat; Kanad Sinha; Simha Sethumadhavan

doi:10.1145/3352460.3358299

Practical byte-granular memory blacklisting using califorms

Hiroshi Sasaki, Miguel A. Arroyo, M. Tarek Ibn Ziad, Koustubha Bhat, Kanad Sinha, Simha Sethumadhavan

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

47 Downloads (Pure)

Abstract

Recent rapid strides in memory safety tools and hardware have improved software quality and security. While coarse-grained memory safety has improved, achieving memory safety at the granularity of individual objects remains a challenge due to high performance overheads usually between ~1.7x-2.2x. In this paper, we present a novel idea called Califorms, and associated program observations, to obtain a low overhead security solution for practical, byte-granular memory safety. The idea we build on is called memory blacklisting, which prohibits a program from accessing certain memory regions based on program semantics. State of the art hardware-supported memory blacklisting, while much faster than software blacklisting, creates memory fragmentation (on the order of few bytes) for each use of the blacklisted location. We observe that metadata used for blacklisting can be stored in dead spaces in a program's data memory and that this metadata can be integrated into the microarchitecture by changing the cache line format. Using these observations, a Califorms based system proposed in this paper reduces the performance overheads of memory safety to ~1.02x-1.16x while providing bytegranular protection and maintaining very low hardware overheads. Moreover, the fundamental idea of storingmetadata in empty spaces and changing cache line formats can be used for other security and performance applications.

Original language	English
Title of host publication	MICRO 2019
Subtitle of host publication	Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture
Publisher	IEEE Computer Society
Pages	558-571
Number of pages	14
ISBN (Electronic)	9781450369381
DOIs	https://doi.org/10.1145/3352460.3358299
Publication status	Published - Oct 2019
Event	52nd Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2019 - Columbus, United States Duration: 12 Oct 2019 → 16 Oct 2019

Publication series

Name	Proceedings of the Annual International Symposium on Microarchitecture, MICRO
ISSN (Print)	1072-4451

Conference

Conference	52nd Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2019
Country/Territory	United States
City	Columbus
Period	12/10/19 → 16/10/19

Funding

This work was partially supported by ONR N00014–16–1–2263, ONR N00014–17–1–2788, ONR N00014–15–1–2173, DARPA HR0011–18–C–0017, and a gift from Bloomberg. The authors thank Prof. Mingoo Seok for access to SRAM timing measurement tools. Any opinions, findings, conclusions and recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the US government or commercial entities. Simha Sethumadhavan has a significant financial interest in Chip Scan Inc.

Keywords

Caches
Memory blacklisting
Memory safety

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1145/3352460.3358299

Practical byte-granular memory blacklisting using califormsFinal published version, 978 KBLicence: Article 25fa Dutch Copyright Act

Persistent URL (handle)

Persistent link

Cite this

Sasaki, H., Arroyo, M. A., Ziad, M. T. I., Bhat, K., Sinha, K., & Sethumadhavan, S. (2019). Practical byte-granular memory blacklisting using califorms. In MICRO 2019: Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture (pp. 558-571). (Proceedings of the Annual International Symposium on Microarchitecture, MICRO). IEEE Computer Society. https://doi.org/10.1145/3352460.3358299

@inproceedings{19814a00e97b48e9ae27d01fa58e5df4,

title = "Practical byte-granular memory blacklisting using califorms",

abstract = "Recent rapid strides in memory safety tools and hardware have improved software quality and security. While coarse-grained memory safety has improved, achieving memory safety at the granularity of individual objects remains a challenge due to high performance overheads usually between \textasciitilde{}1.7x-2.2x. In this paper, we present a novel idea called Califorms, and associated program observations, to obtain a low overhead security solution for practical, byte-granular memory safety. The idea we build on is called memory blacklisting, which prohibits a program from accessing certain memory regions based on program semantics. State of the art hardware-supported memory blacklisting, while much faster than software blacklisting, creates memory fragmentation (on the order of few bytes) for each use of the blacklisted location. We observe that metadata used for blacklisting can be stored in dead spaces in a program's data memory and that this metadata can be integrated into the microarchitecture by changing the cache line format. Using these observations, a Califorms based system proposed in this paper reduces the performance overheads of memory safety to \textasciitilde{}1.02x-1.16x while providing bytegranular protection and maintaining very low hardware overheads. Moreover, the fundamental idea of storingmetadata in empty spaces and changing cache line formats can be used for other security and performance applications.",

keywords = "Caches, Memory blacklisting, Memory safety",

author = "Hiroshi Sasaki and Arroyo, \{Miguel A.\} and Ziad, \{M. Tarek Ibn\} and Koustubha Bhat and Kanad Sinha and Simha Sethumadhavan",

year = "2019",

month = oct,

doi = "10.1145/3352460.3358299",

language = "English",

series = "Proceedings of the Annual International Symposium on Microarchitecture, MICRO",

publisher = "IEEE Computer Society",

pages = "558--571",

booktitle = "MICRO 2019",

address = "United States",

note = "52nd Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2019 ; Conference date: 12-10-2019 Through 16-10-2019",

}

Sasaki, H, Arroyo, MA, Ziad, MTI, Bhat, K, Sinha, K & Sethumadhavan, S 2019, Practical byte-granular memory blacklisting using califorms. in MICRO 2019: Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture. Proceedings of the Annual International Symposium on Microarchitecture, MICRO, IEEE Computer Society, pp. 558-571, 52nd Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2019, Columbus, United States, 12/10/19. https://doi.org/10.1145/3352460.3358299

Practical byte-granular memory blacklisting using califorms. / Sasaki, Hiroshi; Arroyo, Miguel A.; Ziad, M. Tarek Ibn et al.
MICRO 2019: Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture. IEEE Computer Society, 2019. p. 558-571 (Proceedings of the Annual International Symposium on Microarchitecture, MICRO).

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Practical byte-granular memory blacklisting using califorms

AU - Sasaki, Hiroshi

AU - Arroyo, Miguel A.

AU - Ziad, M. Tarek Ibn

AU - Bhat, Koustubha

AU - Sinha, Kanad

AU - Sethumadhavan, Simha

PY - 2019/10

Y1 - 2019/10

N2 - Recent rapid strides in memory safety tools and hardware have improved software quality and security. While coarse-grained memory safety has improved, achieving memory safety at the granularity of individual objects remains a challenge due to high performance overheads usually between ~1.7x-2.2x. In this paper, we present a novel idea called Califorms, and associated program observations, to obtain a low overhead security solution for practical, byte-granular memory safety. The idea we build on is called memory blacklisting, which prohibits a program from accessing certain memory regions based on program semantics. State of the art hardware-supported memory blacklisting, while much faster than software blacklisting, creates memory fragmentation (on the order of few bytes) for each use of the blacklisted location. We observe that metadata used for blacklisting can be stored in dead spaces in a program's data memory and that this metadata can be integrated into the microarchitecture by changing the cache line format. Using these observations, a Califorms based system proposed in this paper reduces the performance overheads of memory safety to ~1.02x-1.16x while providing bytegranular protection and maintaining very low hardware overheads. Moreover, the fundamental idea of storingmetadata in empty spaces and changing cache line formats can be used for other security and performance applications.

AB - Recent rapid strides in memory safety tools and hardware have improved software quality and security. While coarse-grained memory safety has improved, achieving memory safety at the granularity of individual objects remains a challenge due to high performance overheads usually between ~1.7x-2.2x. In this paper, we present a novel idea called Califorms, and associated program observations, to obtain a low overhead security solution for practical, byte-granular memory safety. The idea we build on is called memory blacklisting, which prohibits a program from accessing certain memory regions based on program semantics. State of the art hardware-supported memory blacklisting, while much faster than software blacklisting, creates memory fragmentation (on the order of few bytes) for each use of the blacklisted location. We observe that metadata used for blacklisting can be stored in dead spaces in a program's data memory and that this metadata can be integrated into the microarchitecture by changing the cache line format. Using these observations, a Califorms based system proposed in this paper reduces the performance overheads of memory safety to ~1.02x-1.16x while providing bytegranular protection and maintaining very low hardware overheads. Moreover, the fundamental idea of storingmetadata in empty spaces and changing cache line formats can be used for other security and performance applications.

KW - Caches

KW - Memory blacklisting

KW - Memory safety

UR - https://www.scopus.com/pages/publications/85074449752

UR - https://www.scopus.com/inward/citedby.url?scp=85074449752&partnerID=8YFLogxK

U2 - 10.1145/3352460.3358299

DO - 10.1145/3352460.3358299

M3 - Conference contribution

AN - SCOPUS:85074449752

T3 - Proceedings of the Annual International Symposium on Microarchitecture, MICRO

SP - 558

EP - 571

BT - MICRO 2019

PB - IEEE Computer Society

T2 - 52nd Annual IEEE/ACM International Symposium on Microarchitecture, MICRO 2019

Y2 - 12 October 2019 through 16 October 2019

ER -

Sasaki H, Arroyo MA, Ziad MTI, Bhat K, Sinha K, Sethumadhavan S. Practical byte-granular memory blacklisting using califorms. In MICRO 2019: Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture. IEEE Computer Society. 2019. p. 558-571. (Proceedings of the Annual International Symposium on Microarchitecture, MICRO). Epub 2019 Oct 12. doi: 10.1145/3352460.3358299

Practical byte-granular memory blacklisting using califorms

Abstract

Publication series

Conference

Funding

Keywords

UN SDGs

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this