Towards cryptographically-authenticated in-memory data structures

TL;DR

This paper explores the use of hardware-assisted cryptographic features in modern processors to create secure, authenticated in-memory data structures like stacks and queues, enhancing protection against memory corruption with minimal performance impact.

Contribution

It introduces practical implementations of cryptographically-authenticated data structures utilizing existing hardware cryptography, demonstrating their effectiveness and efficiency.

Findings

Secure stacks and queues with 3.4%-6.4% performance slowdown

Proofs of correctness for the proposed data structures

Utilization of widely available cryptographic hardware features

Abstract

Modern processors include high-performance cryptographic functionalities such as Intel's AES-NI and ARM's Pointer Authentication that allow programs to efficiently authenticate data held by the program. Pointer Authentication is already used to protect return addresses in recent Apple devices, but as yet these structures have seen little use for the protection of general program data. In this paper, we show how cryptographically-authenticated data structures can be used to protect against attacks based on memory corruption, and show how they can be efficiently realized using widely available hardware-assisted cryptographic mechanisms. We present realizations of secure stacks and queues with minimal overall performance overhead (3.4%-6.4% slowdown of the OpenCV core performance tests), and provide proofs of correctness.