论文信息 - CHERI Concentrate: Practical Compressed Capabilities - 字舞流文

CHERI Concentrate: Practical Compressed Capabilities

We present CHERI Concentrate, a new fat-pointer compression scheme applied to CHERI, the most developed capability-pointer system at present. Capability fat pointers are a primary candidate to enforce fine-grained and non-bypassable security properties in future computer systems, although increased pointer size can severely affect performance. Thus, several proposals for capability compression have been suggested elsewhere that do not support legacy instruction sets, ignore features critical to the existing software base, and also introduce design inefficiencies to RISC-style processor pipelines. CHERI Concentrate improves on the state-of-the-art region-encoding efficiency, solves important pipeline problems, and eases semantic restrictions of compressed encoding, allowing it to protect a full legacy software stack. We present the first quantitative analysis of compiled capability code, which we use to guide the design of the encoding format. We analyze and extend logic from the open-source CHERI prototype processor design on FPGA to demonstrate encoding efficiency, minimize delay of pointer arithmetic, and eliminate additional load-to-use delay. To verify correctness of our proposed high-performance logic, we present a HOL4 machine-checked proof of the decode and pointer-modify operations. Finally, we measure a 50 to 75 percent reduction in L2 misses for many compiled C-language benchmarks running under a commodity operating system using compressed 128-bit and 64-bit formats, demonstrating both compatibility with and increased performance over the uncompressed, 256-bit format.

Peter G. Neumann | Robert N. M. Watson | Jonathan Woodruff | David Chisnall | Simon W. Moore | Robert M. Norton | A. T. Markettos | Khilan Gudka | Alexandre Joannou | Hongyan Xia | Anthony Fox | Brooks Davis | Nathaniel W. Filardo | A. Theodore Markettos | Michael Roe | R. Watson | S. Moore | P. Neumann | D. Chisnall | Jonathan Woodruff | M. Roe | Brooks Davis | Khilan Gudka | Alexandre Joannou | Robert M. Norton | A. Fox | N. Filardo | Hongyan Xia | Thomas Bauereiss

[1] Vikram S. Adve,et al. LLVM: a compilation framework for lifelong program analysis & transformation , 2004, International Symposium on Code Generation and Optimization, 2004. CGO 2004..

[2] Jason Evans April. A Scalable Concurrent malloc(3) Implementation for FreeBSD , 2006 .

[3] William J. Dally,et al. Hardware support for fast capability-based addressing , 1994, ASPLOS VI.

[4] RICHARD J. FEIERTAG,et al. The foundations of a provably secure operating system (PSOS) , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[5] Jonathan M. Smith,et al. Architectural Support for Software-Defined Metadata Processing , 2015, ASPLOS.

[6] Peter G. Neumann,et al. CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization , 2015, 2015 IEEE Symposium on Security and Privacy.

[7] Jack B. Dennis,et al. Programming semantics for multiprogrammed computations , 1966, CACM.

[8] Peter G. Neumann,et al. The CHERI capability model: Revisiting RISC in an age of risk , 2014, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA).

[9] George Neville-Neil,et al. The Design and Implementation of the FreeBSD Operating System , 2014 .

[10] F. J. Corbató,et al. Introduction and overview of the multics system , 1965, AFIPS '65 (Fall, part I).

[11] Ruby B. Lee. Precision architecture , 1989, Computer.

[12] Thomas F. Knight,et al. A capability representation with embedded address and nearly-exact object bounds , 2000 .

[13] Milo M. K. Martin,et al. SoftBound: highly compatible and complete spatial memory safety for c , 2009, PLDI '09.

[14] George C. Necula,et al. CCured: type-safe retrofitting of legacy code , 2002, SIGP.

[15] Peter G. Neumann,et al. Beyond the PDP-11: Architectural Support for a Memory-Safe C Abstract Machine , 2015, ASPLOS.

[16] Peter G. Neumann,et al. Capability Hardware Enhanced RISC Instructions: CHERI Instruction-set architecture , 2014 .

[17] Christoforos E. Kozyrakis,et al. Hardware Enforcement of Application Security Policies Using Tagged Memory , 2008, OSDI.

[18] Konrad Lai,et al. Supporting ada memory management in the iAPX-432 , 1982, ASPLOS I.

[19] Anne Rogers,et al. Supporting dynamic data structures on distributed-memory machines , 1995, TOPL.

[20] Krste Asanovic,et al. Mondrix: memory isolation for linux using mondriaan memory protection , 2005, SOSP '05.

[21] Milo M. K. Martin,et al. Hardbound: architectural support for spatial safety of the C programming language , 2008, ASPLOS.

[22] Mihai Budiu,et al. Control-flow integrity principles, implementations, and applications , 2009, TSEC.

[23] Krste Asanovic,et al. Mondrian memory protection , 2002, ASPLOS X.

[24] Trevor Mudge,et al. MiBench: A free, commercially representative embedded benchmark suite , 2001 .

[25] Jonathan M. Smith,et al. Low-fat pointers: compact encoding and efficient gate-level implementation of fat pointers for spatial safety and capability-based security , 2013, CCS.

[26] Jeffrey S. Chase,et al. Architecture support for single address space operating systems , 1992, ASPLOS V.

[27] Jonathan M. Smith,et al. Preliminary design of the SAFE platform , 2011, PLOS '11.

[28] Miguel Castro,et al. Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors , 2009, USENIX Security Symposium.

[29] F. J. Corbat. INTRODUCTION AND OVERVIEW OF THE MULTICS SYSTEM , 2010 .

[30] Wouter Joosen,et al. PAriCheck: an efficient pointer arithmetic checker for C programs , 2010, ASIACCS '10.

[31] Maurice V. Wilkes,et al. The Cambridge CAP computer and its operating system (Operating and programming systems series) , 1979 .