# GANDALF: A fine-grained hardware-software co-design for preventing   memory attacks

**Authors:** Gnanambikai Krishnakumar, Patanjali SLPSK, Prasanna Karthik Vairam,, Chester Rebeiro

arXiv: 1702.07223 · 2017-02-24

## TL;DR

GANDALF is a hardware-software co-design that enhances memory safety by associating runtime-checked base and bound capabilities to pointers, preventing buffer overflows and over-reads with minimal performance impact.

## Contribution

It introduces a compiler-assisted hardware extension for OpenRISC that enforces memory safety without significant OS modifications or performance degradation.

## Key findings

- Prevents all forms of memory-based attacks including buffer overflows and over-reads.
- Achieves locality, resulting in small performance penalties.
- Operates transparently to users without requiring major OS changes.

## Abstract

Reading or writing outside the bounds of a buffer is a serious security vulnerability that has been exploited in numerous occasions. These attacks can be prevented by ensuring that every buffer is only accessed within its specified bounds. In this paper we present Gandalf, a compiler-assisted hardware extension for the OpenRISC processor that thwarts all forms of memory based attacks including buffer overflows and over-reads.The feature associates lightweight base and bound capabilities to all pointer variables, which are checked at run time by the hardware. Gandalf is transparent to the user and does not require significant OS modifications. Moreover, it achieves locality, thus resulting in small performance penalties.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1702.07223/full.md

## Figures

2 figures with captions in the complete paper: https://tomesphere.com/paper/1702.07223/full.md

## References

8 references — full list in the complete paper: https://tomesphere.com/paper/1702.07223/full.md

---
Source: https://tomesphere.com/paper/1702.07223