DOI: 10.1145/1181309.1181317

Tradeoffs in fine-grained heap memory protection

Published: 21 October 2006

Abstract

Different uses of memory protection schemes have different needs in terms of granularity. For example, heap security can benefit from chunk separation (by using protected "padding" boundaries) and meta-data protection. However, such protection can be done at different granularities (e.g., per-word, per-block, or per-page), with different performance, cost, and memory overhead tradeoffs for different applications. In this paper, we explore these tradeoffs for the purpose of heap security in order to discover whether the "right" granularity exists and how the granularity of protection affects design decisions.

We evaluate such tradeoffs based on the current heap-security approaches in a single address space operating system. The access control granularities we use are word, 8-byte, 16-byte, 32-byte, and page. We find that none of these schemes is optimal across all applications. In some applications, excessive padding degrades caching performance for coarse-granularity schemes, while in others, large-block permission changes introduce large overheads for finer granularities. To overcome these limitations, we propose a new two-granularity scheme, which uses word- and page-granularity protection to eliminate padding but allow fast page-size permission changes for large memory blocks. On all applications, this new scheme performs as well as or better than the best single-granularity scheme. It also performs on par with the more complex Mondrian Memory Protection, which uses a complex trie structure and multiple permissions caching mechanisms to support a hierarchy of protection granularities.
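The tension the abstract describes can be seen in a small cost model, added here as an illustration and not taken from the paper or its evaluation. It assumes a 4-byte word, a 4096-byte page, one protected guard unit per chunk, and one permission update per protection unit; the names `single_gran` and `two_gran` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define WORD 4u     /* assumed word size in bytes */
#define PAGE 4096u  /* assumed page size in bytes */

struct cost { size_t footprint; size_t perm_updates; };

static size_t round_up(size_t n, size_t g) { return (n + g - 1) / g * g; }

/* One granularity g: payload padded to whole protection units, followed
 * by one protected guard unit; every payload unit needs its own update. */
struct cost single_gran(size_t size, size_t g) {
    struct cost c;
    size_t payload = round_up(size, g);
    c.footprint = payload + g;
    c.perm_updates = payload / g;
    return c;
}

/* Two granularities: word-sized guard, so no padding beyond word
 * alignment; whole pages inside the block cost one update each and only
 * the unaligned head and tail are updated word by word.
 * addr is the (word-aligned) start address of the payload. */
struct cost two_gran(size_t addr, size_t size) {
    struct cost c;
    size_t payload = round_up(size, WORD);
    size_t first = round_up(addr, PAGE);           /* first page boundary in block */
    size_t last = (addr + payload) / PAGE * PAGE;  /* last page boundary in block */
    size_t pages = last > first ? (last - first) / PAGE : 0;
    c.footprint = payload + WORD;
    c.perm_updates = pages + (payload - pages * PAGE) / WORD;
    return c;
}

int main(void) {
    size_t sizes[] = { 24, 1u << 20 };  /* constructed: one small, one large chunk */
    size_t grans[] = { WORD, 8, 16, 32, PAGE };
    for (size_t i = 0; i < 2; i++) {
        for (size_t j = 0; j < 5; j++) {
            struct cost c = single_gran(sizes[i], grans[j]);
            printf("size=%zu gran=%zu footprint=%zu updates=%zu\n",
                   sizes[i], grans[j], c.footprint, c.perm_updates);
        }
        struct cost t = two_gran(64, sizes[i]);
        printf("size=%zu two-gran footprint=%zu updates=%zu\n",
               sizes[i], t.footprint, t.perm_updates);
    }
    return 0;
}
```

Under this model a 24-byte chunk occupies two full pages at page granularity, while a 1 MiB chunk needs 262144 permission updates at word granularity; the two-granularity case keeps the word-level footprint and cuts the large-block updates to 1279.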

    Published In

    ASID '06: Proceedings of the 1st workshop on Architectural and system support for improving software dependability
    October 2006
    76 pages
    ISBN:1595935762
    DOI:10.1145/1181309

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. heap security
    2. memory protection
    3. protection granularity

    Qualifiers

    • Article

    Conference

    ASPLOS06
