2005 SafeMem

References:

A novel use of ECC memory technology: detect the first access to a user-directed memory region
-> can be used to detect memory leaks and memory corruption.

ECC

SEC-DED (single-error-correct, double-error-detect): 7 check bits protect 32 data bits, or 8 check bits protect 64 data bits [c18]

Four controller modes:

  • Disabled: no checking.
  • Check-Only: detects single-bit and multi-bit errors, corrects nothing.
  • Correct-Error: additionally corrects single-bit errors.
  • Correct-and-Scrub: additionally scrubs memory periodically, reading it through the checker to find and correct hardware errors before they accumulate.

Error Handling:

A detected ECC error raises an ECC-error interrupt; Linux panics, Windows blue-screens -> reboot. The OS treats it as a fatal hardware fault.

Problem/Challenges

Advantages of using ECC:

  • monitoring at cache-line granularity instead of page granularity (as with page-protection-based tools).
    • reduces false sharing (unrelated data landing in the same monitored unit) and the padding space needed around each buffer.

Challenges of using ECC:

  • must leverage a standard off-the-shelf ECC memory controller
    • most do not let software read or write the ECC check bits directly.
  • unlike page-protection faults, operating systems do not deliver ECC-error interrupts to user-level programs (they panic instead, see Error Handling above).

Memory Corruption: damages memory content through buffer overflow, incorrect pointer arithmetic, or other types of program errors.

Memory Leak: allocated memory is never accessed again.

SafeMem

New Linux system calls:

  1. WatchMemory(address, size)
    • address and size aligned to the cache-line size: monitoring is per cache line
  2. DisableWatchMemory(address)
  3. RegisterECCFaultHandler(function)
    • registers a user-level ECC fault handler, to which the kernel forwards ECC errors from watched regions instead of panicking

Monitoring: the first access to a monitored region raises an ECC error -> delivered to the registered ECC handler. How the handler interprets it depends on what was watched:

  • Memory Corruption: the monitored lines are padding that correct code never touches, so the first access is a bug;
  • Memory Leak: the monitored lines hold an allocation suspected to be dead, so the first access means the object is still live: a false positive.

Where to monitor?

For memory leak detection: todo…

For memory corruption detection: pad both ends of a buffer with monitored cache lines, so a write running off either end lands in watched padding.
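
As an added illustration (my own code, not the paper's or these notes'), the following C program models both halves of the idea: a SEC-DED Hamming code using 7 check bits per 32-bit word, as in the ECC section above, and a toy cache-line memory controller with WatchMemory / DisableWatchMemory / RegisterECCFaultHandler equivalents, used for red-zone corruption detection and leak-suspect monitoring as described in the SafeMem section. The Hamming bit layout, the 64-byte line, the line and word indices, and the way a watched line is made to fail its ECC check (two data bits flipped while the stored check bits are left untouched) are assumptions of the simulation; the notes do not describe the paper's actual mechanism on real controllers.

```c
/* Added illustration (not the paper's code): SafeMem-style monitoring simulated in user space.
 * Part 1: SEC-DED Hamming code, 7 check bits per 32-bit word (parity at positions 1,2,4,8,16,32 plus overall parity).
 * Part 2: toy memory controller with 64-byte lines; a "watched" line fails its ECC check on the first fill. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CW_BITS    38   /* codeword positions 1..38: 32 data bits plus 6 position-parity bits */
#define OVP_BIT    39   /* overall parity bit, the 7th check bit */
#define LINE_WORDS 16   /* 64-byte cache line of 4-byte words (assumed line size) */
#define NUM_LINES  8
typedef enum { ECC_OK, ECC_CORRECTED, ECC_UNCORRECTABLE } ecc_status_t;
static int is_pow2(unsigned x) { return x && !(x & (x - 1)); }
/* Data bits fill the non-power-of-two positions; the parity bit at position p covers every position with bit p set. */
static uint64_t place_data(uint32_t d) {
    uint64_t cw = 0;
    for (unsigned pos = 1, k = 0; pos <= CW_BITS; pos++) if (!is_pow2(pos)) cw |= (uint64_t)((d >> k++) & 1) << pos;
    return cw;
}
static uint32_t extract_data(uint64_t cw) {
    uint32_t d = 0;
    for (unsigned pos = 1, k = 0; pos <= CW_BITS; pos++) if (!is_pow2(pos)) d |= (uint32_t)((cw >> pos) & 1) << k++;
    return d;
}
/* Syndrome: XOR of the set positions, 0 for a consistent word, otherwise the position of a single flipped bit. */
static unsigned syndrome(uint64_t cw) { unsigned s = 0; for (unsigned pos = 1; pos <= CW_BITS; pos++) if ((cw >> pos) & 1) s ^= pos; return s; }
static unsigned parity(uint64_t cw, unsigned hi) { unsigned p = 0; for (unsigned pos = 1; pos <= hi; pos++) p ^= (unsigned)(cw >> pos) & 1; return p; }
static uint64_t ecc_encode(uint32_t d) {
    uint64_t cw = place_data(d);
    unsigned s = syndrome(cw);                     /* setting the parity bits named by the syndrome cancels it to zero */
    for (unsigned p = 1; p <= 32; p <<= 1) if (s & p) cw |= 1ULL << p;
    return cw | (uint64_t)parity(cw, CW_BITS) << OVP_BIT;
}
/* Correct-Error mode: repair a single flipped bit; an even number of flips is detected but not correctable. */
static ecc_status_t ecc_decode(uint64_t cw, uint32_t *out) {
    unsigned s = syndrome(cw), odd = parity(cw, OVP_BIT);   /* odd: an odd number of bits flipped */
    if (odd && s && s <= CW_BITS) cw ^= 1ULL << s;         /* s == 0 with odd parity: only the overall parity bit flipped */
    *out = extract_data(cw);
    if (!odd) return s ? ECC_UNCORRECTABLE : ECC_OK;
    return s <= CW_BITS ? ECC_CORRECTED : ECC_UNCORRECTABLE;
}
/* Encode d, XOR `flips` (codeword bit positions) into it, decode. Returns the status, or -1 if "good" data came back wrong. */
static int inject(uint32_t d, uint64_t flips) {
    uint32_t out; ecc_status_t st = ecc_decode(ecc_encode(d) ^ flips, &out);
    return (st != ECC_UNCORRECTABLE && out != d) ? -1 : (int)st;
}

typedef struct {
    uint64_t cw[NUM_LINES * LINE_WORDS];        /* every word stored together with its 7 check bits */
    int watched[NUM_LINES], cached[NUM_LINES];  /* cached: line resident in cache, accesses skip the fill and its check */
    void (*fault_handler)(int line);            /* what RegisterECCFaultHandler installs */
} sim_mem_t;
static sim_mem_t M;
static int fault_count, last_fault_line;
static void sim_reset(void) {
    memset(&M, 0, sizeof M);
    for (int w = 0; w < NUM_LINES * LINE_WORDS; w++) M.cw[w] = ecc_encode(0);
    fault_count = 0; last_fault_line = -1;
}
/* WatchMemory / DisableWatchMemory for one line: flush it and flip data bits 3 and 5 of every word, leaving the
 * check bits alone. Syndrome 3^5 = 6 with even parity is always uncorrectable; flipping again restores the data.
 * (Simulation mechanism: the notes do not say how SafeMem desynchronises data and check bits on a real controller.) */
static void set_watch(int line, int on) {
    if (M.watched[line] == on) return;
    for (int i = 0; i < LINE_WORDS; i++) M.cw[line * LINE_WORDS + i] ^= (1ULL << 3) | (1ULL << 5);
    M.watched[line] = on; M.cached[line] = 0;
}
/* Line fill: the controller checks every word of the line on its way into the cache. */
static void fill_line(int line) {
    if (M.cached[line]) return;
    for (int i = 0; i < LINE_WORDS; i++) {
        uint32_t d; uint64_t *w = &M.cw[line * LINE_WORDS + i];
        ecc_status_t st = ecc_decode(*w, &d);
        if (st == ECC_CORRECTED) *w = ecc_encode(d);            /* write the repaired word back */
        if (st == ECC_UNCORRECTABLE) { if (M.fault_handler) M.fault_handler(line); break; }  /* no handler: the kernel would panic */
    }
    M.cached[line] = 1;
}
static void mem_store(int word, uint32_t v) { fill_line(word / LINE_WORDS); M.cw[word] = ecc_encode(v); }
static uint32_t mem_load(int word) { uint32_t d; fill_line(word / LINE_WORDS); ecc_decode(M.cw[word], &d); return d; }
/* User-level handler: record the fault and stop watching the line so the program can continue. */
static void ecc_fault_handler(int line) { fault_count++; last_fault_line = line; set_watch(line, 0); }
/* Corruption: 32-word buffer in lines 2-3, watched red-zone lines 1 and 4 on both ends; an off-by-one loop overruns it. */
static int demo_overflow(void) {
    sim_reset(); M.fault_handler = ecc_fault_handler;
    set_watch(1, 1); set_watch(4, 1);
    int buf = 2 * LINE_WORDS;
    for (int i = 0; i <= 32; i++) mem_store(buf + i, 0xC0DE0000u + i);   /* i == 32 lands in red-zone line 4 */
    return last_fault_line;                                               /* the line the handler was called for */
}
/* Leak: watch line 6 (allocation suspected dead). 1 = still watched, a leak suspect; 0 = accessed, a false positive. */
static int demo_leak(int touched) {
    sim_reset(); M.fault_handler = ecc_fault_handler;
    set_watch(6, 1);
    if (touched) (void)mem_load(6 * LINE_WORDS + 3);
    return M.watched[6];
}
int main(void) { printf("red-zone fault in line %d; leak suspect: untouched=%d touched=%d\n", demo_overflow(), demo_leak(0), demo_leak(1)); return 0; }
```

The two demos show the asymmetry the notes point out: the same ECC fault means "bug" when the watched line is red-zone padding and "false positive, object still live" when it is a suspected leak. Note that the leak check depends on the line being flushed from the cache when watched; a line that stays cached never passes through the controller and its first access goes unnoticed.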

Suggestions to ECC

A cache line (e.g. 64 bytes on many processors) is still a coarse granularity: a small object needs a full line of padding on each side, and anything sharing a watched line is monitored along with it.

Word granularity, as in Mondrian Memory Protection (MMP) [c31], would be preferable.

[c31]: E. Witchel, J. Cates, and K. Asanović. Mondrian memory protection. In Proceedings of the 10th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 304–316, Oct 2002.


Created Jun 2, 2022 // Last Updated Jun 2, 2022
