DeepAI AI Chat
Log In Sign Up

Color My World: Deterministic Tagging for Memory Safety

by   Hans Liljestrand, et al.
HUAWEI Technologies Co., Ltd.
Association for Computing Machinery

Hardware-assisted memory protection features are increasingly being deployed in COTS processors. ARMv8.5 Memory Tagging Extensions (MTE) is a recent example, which has been used to provide probabilistic checks for memory safety. This use of MTE is not secure against the standard adversary with arbitrary read/write access to memory. Consequently MTE is used as a software development tool. In this paper we present the first design for deterministic memory protection using MTE that can resist the standard adversary, and hence is suitable for post-deployment memory safety. We describe our compiler extensions for LLVM Clang implementing static analysis and subsequent MTE instrumentation. Via a comprehensive evaluation we show that our scheme is effective.


page 1

page 2

page 3

page 4


Memory Tagging and how it improves C/C++ memory safety

Memory safety in C and C++ remains largely unresolved. A technique usual...

xTag: Mitigating Use-After-Free Vulnerabilities via Software-Based Pointer Tagging on Intel x86-64

Memory safety in complex applications implemented in unsafe programming ...

Simplex: Repurposing Intel Memory Protection Extensions for Information Hiding

With the rapid increase in software exploits, the last few decades have ...

Memory Tagging: A Memory Efficient Design

ARM recently introduced a security feature called Memory Tagging Extensi...

Taking a Look into Execute-Only Memory

The development process of microcontroller firmware often involves multi...

Secure Memory Erasure in the Presence of Man-in-the-Middle Attackers

Memory erasure protocols serve to clean up a device's memory before the ...

CGuard: Efficient Spatial Safety for C

Spatial safety violations are the root cause of many security attacks an...