Mitigating Temporal Memory Errors using Memory Tagging Extensions

Supervisor(s): Marius Momeu
Status: finished
Topic: Others
Author: Patrick Barclay
Submission: 2024-09-16
Type of Thesis: Bachelor's thesis

Description

Temporal memory errors, such as Use-After-Free (UAF), are a major vulnerability in
memory-unsafe languages. This thesis focuses on mitigating UAF vulnerabilities by
building upon the existing heap-hardening technique, Safeslab. Safeslab relies on a
hardware extension called MPK on Intel CPUs to build an efficient address-aliasing
approach. However, due to MPK’s functionality, Safeslab incurs high memory overhead,
as well as performance overhead in worst-case scenarios, and adds complexity via
mechanisms that involve expensive page table walks for manually managing access
to some pages. Furthermore, Safeslab incurs a large number of false positives when
scanning for dangling pointers.

We remove this complexity by modifying Safeslab’s design to manage the access to
aliases with finer granularity, allowing us to reduce memory overhead significantly. We
achieve this by using the ARM Memory Tagging Extension (MTE) hardware feature to
tag a slab with a different tag for each allocation. Furthermore, the redesign provides
better cache behaviour, which is the main factor negatively impacting Safeslab’s performance.
We also sign pointers via the ARM Pointer Authentication (PAC) hardware
extension to reduce the number of false positive dangling pointers by 100× in Apache.
These design improvements achieve a geomean performance overhead of up to 3% and
a worst-case overhead of 13%.
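
Added example (not code from the thesis or from Safeslab): a user-space software model of the tagging idea described above, where each allocation from a slab gets a fresh 4-bit tag and a freed object is retagged so that a dangling pointer no longer matches. The tag-storage array, the offset-as-pointer encoding and all function names are assumptions made for illustration; real MTE performs the comparison in hardware on every access.

```c
#include <stdint.h>
#include <stdio.h>
#define GRANULE  16u  /* MTE keeps one 4-bit tag per 16-byte granule */
#define OBJ_SIZE 32u  /* constructed object size: two granules */
#define NOBJ     4u   /* constructed slab capacity */
#define OFF(p)   ((uint32_t)((p) & 0xFFFFFFu))        /* offset into the slab */
#define PTAG(p)  ((uint8_t)(((p) >> 56) & 0xF))       /* pointer tag, bits 59:56 */
static uint8_t slab[NOBJ * OBJ_SIZE];
static uint8_t mem_tag[NOBJ * OBJ_SIZE / GRANULE];    /* stand-in for tag storage */
static uint8_t in_use[NOBJ];

/* Move every granule of object i to the next tag value (wraps after 16). */
static uint8_t retag(unsigned i) {
    unsigned g = i * (OBJ_SIZE / GRANULE);
    uint8_t t = (uint8_t)((mem_tag[g] + 1) & 0xF);
    for (unsigned k = 0; k < OBJ_SIZE / GRANULE; k++) mem_tag[g + k] = t;
    return t;
}

/* The comparison MTE hardware makes on each access: 1 = match, 0 = tag fault. */
static int tag_ok(uint64_t p) { return OFF(p) < sizeof slab && PTAG(p) == mem_tag[OFF(p) / GRANULE]; }

/* Allocate a slot, retag it, and return a pointer carrying the same tag. */
uint64_t slab_alloc(void) {
    for (unsigned i = 0; i < NOBJ; i++) {
        if (in_use[i]) continue;
        in_use[i] = 1;
        return ((uint64_t)retag(i) << 56) | (i * OBJ_SIZE);
    }
    return UINT64_MAX;  /* slab full: offset is out of range, so any use faults */
}

/* Free retags the slot so older pointers stop matching; -1 flags a stale pointer. */
int slab_free(uint64_t p) {
    if (!tag_ok(p)) return -1;
    in_use[OFF(p) / OBJ_SIZE] = 0;
    retag(OFF(p) / OBJ_SIZE);
    return 0;
}

/* Checked accesses: 0 on success, -1 where the hardware would raise a tag fault. */
int checked_store(uint64_t p, uint8_t v) { if (!tag_ok(p)) return -1; slab[OFF(p)] = v; return 0; }
int checked_load(uint64_t p, uint8_t *out) { if (!tag_ok(p)) return -1; *out = slab[OFF(p)]; return 0; }

int main(void) {
    uint64_t a = slab_alloc();
    slab_free(a);
    printf("store through dangling pointer: %d\n", checked_store(a, 0x42));
}
```

Because the tag is only 4 bits wide, a slot that is reused 16 times returns to an earlier tag value, so tagging alone gives probabilistic rather than absolute detection of very old dangling pointers.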