FRAMER: A Cache-friendly Software-based Capability Model

10/27/2018
by Myoung Jin Nam, et al.

Fine-grained memory protection for C and C++ programs must track individual objects (or pointers) and store bounds information per object (or pointer). Its cost is dominated by metadata updates and lookups, making efficient metadata management the key to minimizing performance impact. Existing approaches reduce metadata management overheads by sacrificing precision, breaking binary compatibility by changing object memory layout, or wasting space through excessive alignment or large shadow memory spaces. We propose FRAMER, a software capability model for object-granularity memory protection. Its efficient per-object metadata management mechanism enables direct access to metadata by calculating their location from a tagged pointer to the object and, for large objects, a compact supplementary table. The number of bits in this tag and the size of the supplementary table are balanced to minimize both using a novel technique. FRAMER is a general proposal for object metadata management with potential applications in memory safety, type safety, thread safety and garbage collection that improves over previous solutions by (1) increasing locality of reference by having objects carry their metadata, (2) streamlining expensive metadata lookups, (3) saving space by avoiding superfluous alignment and padding, and (4) avoiding internal object memory layout changes.
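The small-object case of the idea in the abstract, as an added C sketch that is not FRAMER's code or its actual encoding: an interior pointer finds its object's header by arithmetic on a pointer tag, with no shadow memory. The 2^15-byte slot, the 16-bit tag in the top pointer bits, and all function names are assumptions chosen for illustration; large objects (the supplementary-table case) are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumptions of this sketch: 64-bit user addresses leave the top 16 bits
   free for a tag, and every small object lives inside one 2^15-byte slot. */
#define SLOT_SIZE ((uintptr_t)1 << 15)
#define TAG_SHIFT 48
#define ADDR_MASK (((uintptr_t)1 << TAG_SHIFT) - 1)
typedef struct { uint64_t size; } header_t;  /* metadata carried in front of the object */

/* Place header+object at byte offset `off` of a fresh slot; the tag records `off`. */
static uintptr_t tagged_alloc(size_t size, size_t off) {
    if (off % _Alignof(header_t) || off >= SLOT_SIZE - sizeof(header_t) ||
        size == 0 || size >= SLOT_SIZE - sizeof(header_t) - off)
        return 0;  /* objects that do not fit one slot need the supplementary table */
    unsigned char *slot = aligned_alloc(SLOT_SIZE, SLOT_SIZE);
    if (!slot) return 0;
    header_t *h = (header_t *)(slot + off);
    h->size = size;
    return ((uintptr_t)off << TAG_SHIFT) | (uintptr_t)(h + 1);
}

/* Metadata lookup is pure arithmetic: slot base of the address plus the tag. */
static header_t *header_of(uintptr_t tp) {
    uintptr_t addr = tp & ADDR_MASK;
    return (header_t *)((addr & ~(SLOT_SIZE - 1)) + (tp >> TAG_SHIFT));
}

/* Pointer arithmetic changes only the address bits, so the tag travels along.
   Pointers that leave the slot are not handled in this sketch. */
static uintptr_t tagged_add(uintptr_t tp, ptrdiff_t delta) {
    return (tp & ~ADDR_MASK) | ((tp + (uintptr_t)delta) & ADDR_MASK);
}

/* Strip the tag and return a usable pointer only if [addr, addr+len) is in bounds. */
static void *checked_deref(uintptr_t tp, size_t len) {
    header_t *h = header_of(tp);
    uintptr_t lo = (uintptr_t)(h + 1), hi = lo + h->size, addr = tp & ADDR_MASK;
    return (addr < lo || addr > hi || len > hi - addr) ? NULL : (void *)addr;
}
static void tagged_free(uintptr_t tp) { free((void *)(tp & ADDR_MASK & ~(SLOT_SIZE - 1))); }

int main(void) {
    uintptr_t p = tagged_alloc(100, 64);  /* constructed sample: 100-byte object */
    if (!p) return 1;
    int ok = checked_deref(tagged_add(p, 40), 60) && !checked_deref(tagged_add(p, 40), 61);
    tagged_free(p);
    return ok ? 0 : 1;
}
```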


