Asan

References:

  • K. Serebryany, D. Bruening, A. Potapenko, and D. Vyukov, “AddressSanitizer: A fast address sanity checker,” in ATC, 2012.
  • reference

Overview

“[AddressSanitizer]”:

  • uses shadow memory to record whether each byte of application memory is safe to access;
  • uses instrumentation to check the shadow memory on each application load or store;
  • is more efficient than AddrCheck in Valgrind:
    • it uses a more efficient shadow mapping;
    • it uses a more compact shadow encoding.

Each 8-byte word of application memory has 9 possible states (the first k bytes are addressable, 0 <= k <= 8), so its state fits in a 1-byte shadow encoding.
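The shadow lookup and check described above, as an added example (not code from these notes or from the AddressSanitizer project). It assumes a toy 64-byte arena addressed by offset, so the shadow index is just offset >> 3 with no mapping offset, and it uses the encoding from the cited paper: 0 means all 8 bytes are addressable, k in 1..7 means only the first k bytes are, and a negative value means none are. Accesses are assumed to be naturally aligned, so none spans two shadow bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARENA_SIZE 64   /* toy application memory (assumption) */
#define GRANULE    8    /* one shadow byte describes 8 application bytes */

static int8_t shadow[ARENA_SIZE / GRANULE];

/* Mark the whole arena unaddressable (negative shadow value). */
static void poison_all(void) {
    for (size_t i = 0; i < sizeof shadow; i++) shadow[i] = -1;
}

/* Mark [off, off+size) addressable; off must be 8-byte aligned.
   A trailing partial granule stores k = number of valid leading bytes. */
static void unpoison(size_t off, size_t size) {
    size_t g = off / GRANULE;
    for (; size >= GRANULE; size -= GRANULE) shadow[g++] = 0;
    if (size) shadow[g] = (int8_t)size;
}

/* The check the instrumentation performs before a load or store of
   `size` bytes (1, 2, 4 or 8) at offset `off`. Returns 1 if allowed. */
static int access_ok(size_t off, size_t size) {
    int8_t k = shadow[off >> 3];
    if (k == 0) return 1;                 /* fast path: whole granule valid */
    return (int)((off & 7) + size) <= k;  /* slow path: partial or poisoned */
}

int main(void) {
    poison_all();
    unpoison(16, 13);   /* constructed 13-byte object at offsets 16..28 */
    printf("8-byte load at 16: %s\n", access_ok(16, 8) ? "ok" : "REPORT");
    printf("1-byte load at 28: %s\n", access_ok(28, 1) ? "ok" : "REPORT");
    printf("1-byte load at 29: %s\n", access_ok(29, 1) ? "ok" : "REPORT");
    printf("1-byte load at  8: %s\n", access_ok(8, 1) ? "ok" : "REPORT");
    return 0;
}
```

The 13-byte object leaves shadow values 0 and 5 for its two granules, so the one-byte overflow at offset 29 is caught even though it stays inside the same 8-byte word as valid data.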

HWASAN

More

  • Califorms
  • REST: Random Embedded Secret Tokens
    • Reference: Sinha, Kanad, and Simha Sethumadhavan. “Practical memory safety with REST.” 2018 ACM/IEEE 45th Annual International Symposium on Computer Architecture (ISCA). IEEE, 2018.
    • 1-bit metadata per L1 data cache line;
    • a comparator to check for REST tokens during a cache fill;
    • software support based on AddressSanitizer.

Created Jan 17, 2022 // Last Updated Feb 8, 2023
