Secure Rewind and Discard on ARM Morello
Sacha Ruchlejmer

TL;DR
This paper adapts the Secure Domain Rewind and Discard (SDRaD) technique to the CHERI architecture, improving software resilience against runtime attacks with minimal performance impact.
Contribution
It introduces CHERI-SDRaD, a lightweight adaptation of SDRaD leveraging CHERI's inherent memory safety, reducing performance degradation and resolving limitations of previous MPK-based methods.
Findings
CHERI-SDRaD achieves only 2.2% performance degradation on Nginx benchmarks.
The adaptation resolves limitations of MPK-based SDRaD.
CHERI's memory safety properties enhance software resilience.
Abstract
Memory-unsafe programming languages such as C and C++ are the preferred languages for systems programming, embedded systems, and performance-critical applications. The widespread use of these languages makes the risk of memory-related attacks very high. There are well-known detection mechanisms, but they do not address software resilience. An earlier approach proposes the Secure Domain Rewind and Discard (SDRaD) of isolated domains as a method to enhance the resilience of software targeted by runtime attacks on the x86 architecture, based on hardware-enforced Memory Protection Keys (MPK). In this work, SDRaD has been adapted to work with the Capability Hardware Enhanced RISC Instructions (CHERI) architecture to be more lightweight and performant. The results obtained in this thesis show that CHERI-SDRaD, the prototype adaptation that leverages the memory-safety properties inherent to the CHERI…
Taxonomy
Topics: Security and Verification in Computing
