CHERI-D: Secure and efficient inline object ID for CHERI temporal memory safety
By Yuecheng Wang, Jonathan Woodruff, Alfredo Mazzinghi, Peter Rugg, Samuel W. Stark, Alexandre Joannou, Robert N. M. Watson, Simon W. Moore
University of Cambridge, United Kingdom

Abstract
We propose CHERI-D, an architectural extension to CHERI that supports efficient temporal memory safety. Efficient memory safety is an increasing priority for programming languages, operating systems, and hardware designs, and CHERI is a leading hardware/software system that provides native spatial safety and a foundation for temporal memory safety. Due to CHERI lacking intrinsic architectural support for temporal memory safety, the state-of-the-art CHERI temporal safety solution, Cornucopia Reloaded, is a software-based solution that provides use-after-reallocation (UAR) protections instead of the stronger use-after-free (UAF) mitigation, and suffers performance overhead due to delayed reallocation and revocation. CHERI-D associates object identification (ID) metadata with capability pointers to provide temporal integrity of allocations. CHERI spatial safety allows CHERI-D to store object IDs safely inline with allocation data, potentially within unused fragmentation. Evaluated in simulation and in hardware, CHERI-D significantly reduces the revocation overhead of Cornucopia Reloaded while allowing it to support strict use-after-free mitigation.
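The abstract's core mechanism, an object ID that travels with the capability and a copy kept inline with the allocation, is easiest to see in a small model. The following C program is an illustration added for this page; it is not CHERI-D's encoding, instruction set or allocator, and the paper is not quoted by it. It assumes the inline ID sits in a header just before the payload (the paper places it in the allocation's fragmentation) and models CHERI's capability bounds with an explicit size check, so that the header is never reachable through the pointer. It shows why the check catches use-after-free outright rather than only use-after-reallocation: the inline ID is cleared at free time, and a reused slot receives a fresh ID, so any capability still carrying the old ID fails in both cases.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative model written for this page: NOT CHERI-D's encoding, ISA or
 * allocator. It models the idea the abstract states: an object ID travels
 * with the pointer, a copy lives inline with the allocation, and a load or
 * store checks that the two still agree.
 * Assumption: the inline ID sits in a header just before the payload; the
 * spatial bounds check stands in for CHERI capability bounds, which keep
 * the header out of the pointer's reach. */

#define ID_FREED 0u   /* inline ID value meaning "no live object here" */

typedef struct {
    uint64_t id;            /* ID of the object currently occupying this slot */
    size_t   size;          /* payload size in bytes */
    unsigned char data[];   /* payload; C99 flexible array member */
} obj_header_t;

typedef struct {
    obj_header_t *base;     /* slot the capability was derived from */
    uint64_t      id;       /* object ID captured when the capability was issued */
} cap_t;

static uint64_t next_id = 1;  /* never reused within a run, so IDs stay unique */

/* Allocate a slot and return a capability bound to its fresh object ID. */
cap_t sim_malloc(size_t size) {
    cap_t c = { NULL, ID_FREED };
    obj_header_t *h = malloc(sizeof *h + size);
    if (!h) return c;
    h->id = next_id++;
    h->size = size;
    memset(h->data, 0, size);
    c.base = h;
    c.id = h->id;
    return c;
}

/* Temporal check: the slot must hold a live object with the capability's ID. */
int sim_cap_valid(const cap_t *c) {
    return c->base != NULL && c->base->id != ID_FREED && c->base->id == c->id;
}

/* Store through a capability: 0 on success, -1 on temporal or spatial fault. */
int sim_store(const cap_t *c, size_t off, unsigned char v) {
    if (!sim_cap_valid(c)) return -1;     /* stale capability: UAF or UAR */
    if (off >= c->base->size) return -1;  /* out of bounds: spatial fault */
    c->base->data[off] = v;
    return 0;
}

/* Load through a capability: 0 on success, -1 on fault; value written to *out. */
int sim_load(const cap_t *c, size_t off, unsigned char *out) {
    if (!sim_cap_valid(c)) return -1;
    if (off >= c->base->size) return -1;
    *out = c->base->data[off];
    return 0;
}

/* Free: clear the inline ID so every capability holding the old ID is dead.
 * The slot memory is kept so that reuse can be modelled by sim_reuse. */
int sim_free(cap_t *c) {
    if (!sim_cap_valid(c)) return -1;     /* double free is caught the same way */
    c->base->id = ID_FREED;
    return 0;
}

/* Reuse a freed slot for a new object: it gets a new ID, so capabilities to
 * the previous occupant keep failing even though the address is identical. */
cap_t sim_reuse(obj_header_t *slot, size_t size) {
    cap_t c = { NULL, ID_FREED };
    if (slot == NULL || slot->id != ID_FREED || size > slot->size) return c;
    slot->id = next_id++;
    slot->size = size;
    memset(slot->data, 0, size);
    c.base = slot;
    c.id = slot->id;
    return c;
}

/* Hand the slot memory back to the system allocator. */
void sim_release(obj_header_t *slot) { free(slot); }

/* Walks the UAF, double-free and UAR scenarios; returns faults detected (3). */
int sim_demo(void) {
    int faults = 0;
    unsigned char b = 0;
    cap_t a = sim_malloc(16);
    sim_store(&a, 0, 0x41);
    sim_free(&a);
    if (sim_load(&a, 0, &b) == -1) faults++;      /* use-after-free */
    if (sim_free(&a) == -1) faults++;             /* double free */
    cap_t n = sim_reuse(a.base, 16);              /* same address, new object */
    sim_store(&n, 0, 0x42);
    if (sim_load(&a, 0, &b) == -1) faults++;      /* use-after-reallocation */
    sim_release(n.base);
    return faults;
}
```

The model keeps the slot's memory mapped after free so that reallocation at the same address can be exercised; in the abstract's setting the ID comparison is what lets the allocator hand memory back promptly instead of waiting for a revocation sweep, which is the overhead the paper reports reducing.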