Cryptographic Capability Computing

LeMay, Michael; Rakshit, Joydeep; Deutsch, Sergej; Durham, David; Ghosh, Santosh; Nori, Anant; Gaur, Jayesh; Weiler, Andrew; Sultana, Salmin; Grewal, Karanvir; Subramoney, Sreenivas

doi:10.1145/3466752.3480076

Cited by 12 publications

(2 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The worst-case, 531.deepsjeng_r benchmark exercises an alpha-beta tree search, suggesting that the overhead is caused by the frequent non-safe memory-accesses and pointer manipulations while traversing the tree. Comparing this to the estimated 7% tag-checking overhead reported by [15], suggests that the tag forgery prevention instrumentation is a not insignificant contributor to this overhead. We expect that the tag forgery prevention overhead can be lowered by optimizing it to avoid redundant tag checking.…”

Section: Resultsmentioning

confidence: 63%

“…For example, use-after-free errors for heap allocations (or use-after-return for stack allocations) can be protected against by assigning random tags to newly allocated memory regions and clearing the tags on freeing memory [31]. Re-allocated memory will, with probability 15 16 , be assigned a different tag, which prevents access by any remaining dangling pointers. However, because the address tag is stored within the pointer itself, such solutions do not lend themselves for post-deployment run-time protection against an adversary that can overwrite pointers and their address tags.…”

Section: Armv85-a Memory Tagging Extensionmentioning

confidence: 99%

See 1 more Smart Citation

Color My World: Deterministic Tagging for Memory Safety

Liljestrand¹,

Chinea²,

Denis-Courmont³

et al. 2022

Preprint

View full text Add to dashboard Cite

Hardware-assisted memory protection features are increasingly being deployed in COTS processors. ARMv8.5 Memory Tagging Extensions (MTE) is a recent example, which has been used to provide probabilistic checks for memory safety. This use of MTE is not secure against the standard adversary with arbitrary read/write access to memory. Consequently MTE is used as a software development tool. In this paper we present the first design for deterministic memory protection using MTE that can resist the standard adversary, and hence is suitable for post-deployment memory safety. We describe our compiler extensions for LLVM Clang implementing static analysis and subsequent MTE instrumentation. Via a comprehensive evaluation we show that our scheme is effective.

show abstract

Section: Resultsmentioning

confidence: 63%

Section: Armv85-a Memory Tagging Extensionmentioning

confidence: 99%