PoisonCap: Efficient Hierarchical Temporal Safety for CHERI
Yuecheng Wang, Jonathan Woodruff, Alfredo Mazzinghi, Peter Rugg, Alexandre Joannou, Samuel W. Stark, Robert N. M. Watson, Simon W. Moore

TL;DR
PoisonCap introduces a scalable, efficient method for enforcing strict use-after-free and initialisation safety in CHERI systems using a novel 'poison' capability format, improving safety without performance costs.
Contribution
It presents a new 'poison' capability format that enforces stronger temporal safety in CHERI, replacing existing solutions and enabling efficient memory management.
Findings
Enforces strict use-after-free and initialisation safety in CHERI.
Can replace Cornucopia shadow bitmap with no performance overhead.
Automatically zeros memory on reallocation or traps on read-before-write.
Abstract
In this paper, we present PoisonCap: scalable temporal safety with strict use-after-free protection and initialisation safety for CHERI systems. Efficient memory safety is an increasing priority for programming languages, operating systems, and hardware designs, and CHERI is a leading hardware/software system that provides native spatial safety and a foundation for temporal memory safety. Cornucopia Reloaded, the current state-of-the-art CHERI temporal safety solution, provides use-after-reallocation safety instead of stronger use-after-free safety, and is not able to enforce initialisation safety. We show that a new 'poison' capability format can be used to enforce strict use-after-free and initialisation safety, and also to communicate memory state to the microarchitecture for efficient cache management of quarantined memory. We enable elegant delegation of memory poisoning privilege…
