Title: Hardware-based Always-On Memory Safety

Date: Tuesday, November 29th 

Time: 9:30am - 11:00am EST

Location: 1202 Conference Room Klaus, Virtual: Zoom Link (Meeting Code: 962 8999 0465)

 

Yonghae Kim

Ph.D. Computer Science

School of Computer Science

Georgia Institute of Technology

 

Committee:

Dr. Hyesoon Kim (Advisor) - School of Computer Science, Georgia Institute of Technology

Dr. Moinuddin Qureshi - School of Computer Science, Georgia Institute of Technology

Dr. Taesoo Kim - School of Computer Science, Georgia Institute of Technology

Dr. Jaekyu Lee - Arm

 

Abstract:

For decades, memory safety issues have exposed substantial security threats to computer systems. Memory safety violations occur when instructions perform illegitimate memory accesses to a program’s address space. There are broadly two types of memory safety violations. If a memory access occurs outside of its allowed range, e.g., buffer overflow and out-of- bounds (OOB) access, it violates spatial memory safety. When a memory region is accessed after the region is no longer valid, temporal memory safety is violated, e.g., use-after-free (UAF). Despite long-term efforts to resolve, memory safety issues are still the most prevalent and problematic in the wild. Recent studies show that ∼70% of security vulnerabilities addressed in industry stemmed from memory violations. This dissertation presents a multidisciplinary approach that addresses challenges of previous memory safety solutions and achieves practical memory safety.

 

First, we present AOS, a low-overhead heap protection mechanism. AOS proposes a data-pointer signing scheme that utilizes the unused upper bits of a pointer for a security purpose. With the proposed hardware support, AOS achieves efficient metadata management and bounds checks transparently performed in hardware. Second, we present RV-CURE, a RISC-V capability architecture that orchestrates compiler, architecture, and system designs for practical memory safety. RV-CURE proposes data-pointer tagging (DPT) that generalizes a pointer-tagging method for all memory types, including stack, heap, and global memory. In addition, RV-CURE investigates efficient, lightweight hardware extensions for DPT based on the RISC-V BOOM core. Furthermore, DPT utilizes static taint analysis that enables identifying vulnerable (tainted) memory objects and enabling selective protection only to those.