Baggy bounds checking

Add to your list(s) Download to your calendar using vCal

• Periklis Akritidis (University of Cambridge)
• Tuesday 27 January 2009, 13:00-13:30
• Computer Laboratory, William Gates Building, Room FW11.

If you have a question about this talk, please contact Stephen Kell.

The adoption of runtime bounds checking for C programs is limited because it either breaks interoperability by modifying the pointer representation to include bounds or incurs significant performance overhead to lookup the bounds in a data structure. We improve this for security purposes by observing that enforcing looser bounds still severely limits attackers, as long as we pad objects to the new, baggy bounds thus preventing access to any potential target objects. We take advantage of this more flexible integrity guarantee to increase performance by padding and aligning allocations to a power of two, enabling a byte-size representation of the allocation bounds that is efficient to store, lookup and check. As expected, padding incurs space and runtime overheads, but these turn out to be far less than the gains for bounds checking: our technique is more than three times faster—-and orthogonal—-to the state of the art technique on the same benchmarks, and an order of magnitude faster, using less memory, compared to using splay trees instead of padding, sharing the same implementation for everything else.

This talk is part of the Computer Laboratory NetOS Group Talklets series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Cambridge talks
• Computer Laboratory NetOS Group Talklets
• Computer Laboratory, William Gates Building, Room FW11
• Department of Computer Science and Technology talks and seminars
• Interested Talks
• School of Technology
• Trust & Technology Initiative - interesting events
• bld31

Note that ex-directory lists are not shown.