CGuard: Efficient Spatial Safety for C
- URL: http://arxiv.org/abs/2107.10533v3
- Date: Tue, 29 Aug 2023 08:51:17 GMT
- Authors: Piyus Kedia, Rahul Purandare, Udit Kumar Agarwal, Rishabh
- Abstract summary: We present CGuard, a tool that provides object-bounds protection for C applications with comparable overheads to SGXBounds without restricting the application address space.
CGuard stores the bounds information just before the base address of an object and encodes the relative offset of the base address in the spare bits of the virtual address available in x86_64 architecture.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Spatial safety violations are the root cause of many security attacks and
unexpected behavior of applications. Existing techniques to enforce spatial
safety work broadly at either object or pointer granularity. Object-based
approaches tend to incur high CPU overheads, whereas pointer-based approaches
incur both high CPU and memory overheads. SGXBounds, an object-based approach,
is so far the most efficient technique that provides complete out-of-bounds
protection for objects. However, a major drawback of this approach is that it
can't support an address space larger than 32 bits.
In this paper, we present CGuard, a tool that provides object-bounds
protection for C applications with comparable overheads to SGXBounds without
restricting the application address space. CGuard stores the bounds information
just before the base address of an object and encodes the relative offset of
the base address in the spare bits of the virtual address available in x86_64
architecture. For an object that can't fit in the spare bits, CGuard uses a
custom memory layout that enables it to find the base address of the object in
just one memory access. Our study revealed spatial safety violations in the gcc
and x264 benchmarks from the SPEC CPU2017 benchmark suite and the string_match
benchmark from the Phoenix benchmark suite. The execution time overheads for
the SPEC CPU2017 and Phoenix benchmark suites were 42% and 26% respectively,
whereas the reduction in the throughput for the Apache webserver when the CPUs
were fully saturated was 30%. These results indicate that CGuard can be highly
effective while maintaining a reasonable degree of efficiency.
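The two ideas the abstract describes, a bounds record stored just before an object's base and the pointer's offset from that base carried in the unused top bits of an x86_64 user-space address, as an added C illustration. This is not CGuard's code or its actual metadata layout: the header type, the helper names (`guarded_alloc`, `guarded_add`, `guarded_in_bounds`, `guarded_store_byte`) and the choice of the top 16 bits are assumptions made for the demo. Offsets that do not fit those spare bits are simply rejected here; the paper says CGuard handles such objects with a separate memory layout, which this example does not model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added illustration of the bounds-before-base / offset-in-spare-bits idea.
 * Layout and names are assumptions for this demo, not CGuard's own design. */

_Static_assert(sizeof(void *) == 8, "demo assumes a 64-bit address space");

#define TAG_SHIFT 48u                                  /* user-space x86_64 addresses leave the top 16 bits free */
#define TAG_MASK  ((uintptr_t)0xFFFF << TAG_SHIFT)
#define ADDR_MASK (~TAG_MASK)
#define MAX_TAGGED_OFFSET ((size_t)0xFFFF)             /* largest offset the spare bits can hold */

typedef struct { size_t size; } bounds_hdr;            /* stored immediately before the object */

/* Allocate n bytes with a bounds header in front; return the untagged base (offset 0). */
static void *guarded_alloc(size_t n) {
    bounds_hdr *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->size = n;
    return (void *)(h + 1);
}

static uintptr_t ptr_offset(const void *p) { return ((uintptr_t)p & TAG_MASK) >> TAG_SHIFT; }
static void *ptr_strip(const void *p)       { return (void *)((uintptr_t)p & ADDR_MASK); }

/* Pointer arithmetic that keeps the offset-from-base in the tag bits.
 * Offsets outside what the spare bits can hold are out of scope for the demo
 * (the paper uses a separate layout for those); return NULL instead. */
static void *guarded_add(void *p, ptrdiff_t delta) {
    ptrdiff_t off = (ptrdiff_t)ptr_offset(p) + delta;
    if (off < 0 || (size_t)off > MAX_TAGGED_OFFSET) return NULL;
    uintptr_t raw = (uintptr_t)ptr_strip(p) + (uintptr_t)delta;
    return (void *)(raw | ((uintptr_t)off << TAG_SHIFT));
}

/* Bounds check: recover the base from the tag, then read the header in front of it.
 * This needs one memory access for the header and no lookup table. */
static int guarded_in_bounds(const void *p, size_t access_len) {
    uintptr_t off = ptr_offset(p);
    const char *base = (const char *)ptr_strip(p) - off;
    const bounds_hdr *h = (const bounds_hdr *)base - 1;
    return off + access_len <= h->size;
}

/* Checked one-byte store; returns 1 on success, 0 if the access was rejected. */
static int guarded_store_byte(void *p, char c) {
    if (!p || !guarded_in_bounds(p, 1)) return 0;
    *(char *)ptr_strip(p) = c;                     /* the tag must be stripped before dereferencing */
    return 1;
}

static void guarded_free(void *base) { free((bounds_hdr *)ptr_strip(base) - 1); }

/* Self-check on an 8-byte object: offset 7 is the last valid byte, offset 8 is one past the end. */
static int demo(void) {
    char *buf = guarded_alloc(8);
    if (!buf) return -1;
    int ok_last = guarded_store_byte(guarded_add(buf, 7), 'x');   /* in bounds: succeeds */
    int ok_over = guarded_store_byte(guarded_add(buf, 8), 'y');   /* off-by-one: rejected */
    guarded_free(buf);
    return ok_last == 1 && ok_over == 0;
}

int main(void) {
    int passed = demo() == 1;
    printf("bounds demo %s\n", passed ? "passed" : "failed");
    return passed ? 0 : 1;
}
```

The tagged pointer is never dereferenced directly: on x86_64 a non-canonical address faults, so every load or store strips the tag first, which is why an instrumented compiler rather than a library is needed to do this transparently for whole programs.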
Related papers
- CAMP: Compiler and Allocator-based Heap Memory Protection [23.84729234219481]
We present CAMP, a new sanitizer for detecting and capturing heap memory corruption.
CAMP enables various compiler optimization strategies and thus eliminates redundant and unnecessary check instrumentation.
Our evaluation and comparison of CAMP with existing tools, using both real-world applications and SPEC CPU benchmarks, show that it provides even better heap corruption detection capability with lower runtime overhead.
arXiv Detail & Related papers (2024-06-04T19:37:41Z)
- ShadowBound: Efficient Heap Memory Protection Through Advanced Metadata Management and Customized Compiler Optimization [24.4696797147503]
Heap corruption poses severe threats to system security.
We present ShadowBound, a unique heap memory protection design.
We implement ShadowBound atop the LLVM framework and integrate three state-of-the-art use-after-free defenses.
arXiv Detail & Related papers (2024-06-04T07:02:53Z)
- SeMalloc: Semantics-Informed Memory Allocator [18.04397502953383]
Use-after-free (UAF) is a critical and prevalent problem in memory-unsafe languages.
We show one way to balance the trinity by passing more semantics about the heap object to the allocator.
In SeMalloc, only heap objects allocated from the same call site and via the same function call stack can possibly share a virtual memory address.
arXiv Detail & Related papers (2024-02-02T21:02:15Z)
- Top of the Heap: Efficient Memory Error Protection of Safe Heap Objects [37.992322891101374]
Existing memory safety defenses aim at protecting all objects, resulting in high performance cost and incomplete protection.
We propose an approach that accurately identifies objects that are inexpensive to protect, and design a method to protect such objects comprehensively from all classes of memory errors.
arXiv Detail & Related papers (2023-10-10T08:04:08Z)
- HDCC: A Hyperdimensional Computing compiler for classification on embedded systems and high-performance computing [58.720142291102135]
This work introduces HDCC, the first open-source compiler that translates high-level descriptions of HDC classification methods into optimized C code.
HDCC is designed like a modern compiler, featuring an intuitive and descriptive input language, an intermediate representation (IR), and a retargetable backend.
To substantiate these claims, we conducted experiments with HDCC on several of the most popular datasets in the HDC literature.
arXiv Detail & Related papers (2023-04-24T19:16:03Z)
- Region Aware Video Object Segmentation with Deep Motion Modeling [56.95836951559529]
Region Aware Video Object Segmentation (RAVOS) is a method that predicts regions of interest for efficient object segmentation and memory storage.
For efficient segmentation, object features are extracted according to the ROIs, and an object decoder is designed for object-level segmentation.
For efficient memory storage, we propose motion path memory to filter out redundant context by memorizing the features within the motion path of objects between two frames.
arXiv Detail & Related papers (2022-07-21T01:44:40Z)
- CryptSan: Leveraging ARM Pointer Authentication for Memory Safety in C/C++ [0.9208007322096532]
CryptSan is a memory safety approach based on ARM Pointer Authentication.
We present a full LLVM-based prototype implementation, running on an M1 MacBook Pro.
This, together with its interoperability with uninstrumented libraries and cryptographic protection against attacks on metadata, makes CryptSan a viable solution for retrofitting memory safety to C/C++ programs.
arXiv Detail & Related papers (2022-02-17T14:04:01Z)
- ObjectSeeker: Certifiably Robust Object Detection against Patch Hiding Attacks via Patch-agnostic Masking [95.6347501381882]
Object detectors are found to be vulnerable to physical-world patch hiding attacks.
We propose ObjectSeeker as a framework for building certifiably robust object detectors.
arXiv Detail & Related papers (2022-02-03T19:34:25Z)
- Segment and Complete: Defending Object Detectors against Adversarial Patch Attacks with Robust Patch Detection [142.24869736769432]
Adversarial patch attacks pose a serious threat to state-of-the-art object detectors.
We propose Segment and Complete defense (SAC), a framework for defending object detectors against patch attacks.
We show SAC can significantly reduce the targeted attack success rate of physical patch attacks.
arXiv Detail & Related papers (2021-12-08T19:18:48Z)
- ASH: A Modern Framework for Parallel Spatial Hashing in 3D Perception [91.24236600199542]
ASH is a modern and high-performance framework for parallel spatial hashing on GPU.
ASH achieves higher performance, supports richer functionality, and requires fewer lines of code.
ASH and its example applications are open sourced in Open3D.
arXiv Detail & Related papers (2021-10-01T16:25:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.