SJMalloc: the security-conscious, fast, thread-safe and memory-efficient heap allocator

TL;DR

SJMalloc is a high-performance, secure heap allocator that stores metadata out-of-band, improving security and performance with minimal memory overhead, and is compatible as a drop-in replacement for standard allocators.

Contribution

We introduce SJMalloc, a novel heap allocator that enhances security and performance by storing metadata separately, addressing performance barriers of hardened allocators.

Findings

~6% performance improvement over GLibc allocator

Only ~5% additional memory usage

Successfully passes GLibc malloc testsuite

Abstract

Heap-based exploits that leverage memory management errors continue to pose a significant threat to application security. The root cause of these vulnerabilities are the memory management errors within the applications, however various hardened allocator designs have been proposed as mitigation. A common feature of these designs is the strategic decision to store heap metadata separately from the application data in use, thereby reducing the risk of metadata corruption leading to security breaches. Despite their potential benefits, hardened allocators have not been widely adopted in real-world applications. The primary barrier to their adoption is the performance overheads they introduce. These overheads can negatively impact the efficiency and speed of applications, which is a critical consideration for developers and system administrators. Having learned from previous implementations, we developed SJMalloc, a general-purpose, high-performance allocator that addresses these concerns. SJMalloc stores its metadata out-of-band, away from the application's data on the heap. This design choice not only enhances security but also improves performance. Across a variety of real-world workloads, SJMalloc demonstrates a ~6% performance improvement compared to GLibcs allocator, while using only ~5% more memory. Furthermore, SJMalloc successfully passes the generic elements of the GLibc malloc testsuite and can thus be used as a drop-in replacement for the standard allocator, offering an easy upgrade path for enhanced security and performance without requiring changes to existing applications.