Hardware support for fast capability-based addressing

Carter, Nicholas P.; Keckler, Stephen W.; Dally, William J.

doi:10.1145/195470.195579

Cited by 26 publications

(16 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is possible to implement a memory capability model in a strict RISC instruction set with a load-store architecture and single-cycle operations as demonstrated by the M-Machine [5]. In a RISC implementation, memory capabilities can be stored in registers or in memory, but must be loaded into registers for use.…”

Section: A Risc Memory Capability Modelmentioning

confidence: 99%

“…The M-Machine [5] is a 64-bit tagged-memory capability sys tem design using guarded pointers to implement fine-grained memory protection for pointer safety. M-Machine pointers are unforgeable.…”

Section: M-machinementioning

confidence: 99%

“…Processors with capability-based addressing, epitomized by designs such as the M-Machine [5], provide strong technical and intellectual grounding for intra-program protection. How ever, such systems fail to provide adequate compatibility with existing source-code and binary software corpora, and often require ground-up software rewrites.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The CHERI capability model: Revisiting RISC in an age of risk

Woodruff¹,

Watson²,

Chisnall³

et al. 2014

2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA)

183

159

View full text Add to dashboard Cite

Motivated by contemporary security challenges, we reeval uate and refine capability-based addressing for the RISC era. We present CHERI, a hybrid capability model that extends the 64-bit MIPS ISA with byte-granularity memory protection. We demonstrate that CHERI enables language memory model enforcement and fault isolation in hardware rather than soft ware, and that the CHERI mechanisms are easily adopted by existing programs for efficient in-program memory safety.In contrast to past capability models, CHERI complements, rather than replaces, the ubiquitous page-based protection mechanism, providing a migration path towards deconflat ing data-structure protection and OS memory management. Furthermore. CHERI adheres to a strict RISC philosophy: it maintains a load-store architecture and requires only single cycle instructions, and supplies protection primitives to the compiler, language runtime, and operating system.We demonstrate a mature FPGA implementation that runs the FreeBSD operating system with a full range of software and an open-source application suite compiled with an ex tended LLVM to use CHERI memory protection. A limit study compares published memory safety mechanisms in terms of instruction count and memory overheads. The study illustrates that CHERI is peiformance-competitive even while providing assurance and greater flexibility with simpler hardware.

show abstract

Section: A Risc Memory Capability Modelmentioning

confidence: 99%

Section: M-machinementioning

confidence: 99%

See 1 more Smart Citation

The CHERI capability model: Revisiting RISC in an age of risk

Woodruff¹,

Watson²,

Chisnall³

et al. 2014

2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA)

183

159

View full text Add to dashboard Cite

show abstract

“…Other hardware systems have implemented similar constructs, e.g., the 64-bit guarded pointers [8] of Carter, et al, avoid translation tables by encoding permission bits and segment sizes in the pointer itself. This allows lightweight (cycle-by-cycle) context switches, allowing instructions from different threads with different security domains to be mixed in a processor pipeline and encouraging more fine-grained separation of privilege domains.…”

Section: Object Capabilitiesmentioning

confidence: 99%

“…With the above assumptions, we can represent the pointer and its base and bound with an overhead of only |B| bits, which is, at most, the log of the size of the address space. This is the scheme used for guarded pointers by Carter [8] and for the Baggy Bounds software scheme [2].…”

Section: Aligned Encodingmentioning

confidence: 99%

Low-fat pointers

Kwon

Dhawan

Smith

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

View full text Add to dashboard Cite

Referencing outside the bounds of an array or buffer is a common source of bugs and security vulnerabilities in today's software. We can enforce spatial safety and eliminate these violations by inseparably associating bounds with every pointer (fat pointer) and checking these bounds on every memory access. By further adding hardware-managed tags to the pointer, we make them unforgeable. This, in turn, allows the pointers to be used as capabilities to facilitate fine-grained access control and fast security domain crossing. Dedicated checking hardware runs in parallel with the processor's normal datapath so that the checks do not slow down processor operation (0% runtime overhead). To achieve the safety of fat pointers without increasing program state, we compactly encode approximate base and bound pointers along with exact address pointers for a 46b address space into one 64-bit word with a worst-case memory overhead of 3%. We develop gate-level implementations of the logic for updating and validating these compact fat pointers and show that the hardware requirements are low and the critical paths for common operations are smaller than processor ALU operations. Specifically, we show that the fat-pointer check and update operations can run in a 4 ns clock cycle on a Virtex 6 (40nm) implementation while only using 1100 6-LUTs or about the area of a double-precision, floating-point adder.

show abstract

Single address space implementation in distributed systems

Bartoli

Dini

Lopriore

2000

Concurrency: Pract. Exper.

View full text Add to dashboard Cite

With reference to a distributed context consisting of computers connected by a local area network, we present the organization of a memory management system giving physical support to a uniform, persistent vision of storage according to a single address space paradigm. Our system implements a two‐layer storage hierarchy in which the distributed secondary memory stores the valid data items and the primary memory supports a form of data caching, for fast processor access. The proposed system defines a small, powerful set of operations that allow application programs to exert explicit control over the memory management activities at the levels of physical storage allocation, data migration across the network, and the data movements between the secondary memory and the primary memory. The system, that has been implemented in prototype form, is assessed from a number of viewpoints. We show that the storage requirements of the information for memory management are negligible. Moreover, the number of messages necessary to determine the network location of a given data item is low and independent of both the network size and the past movements of this data item in the distributed storage.Copyright © 2000 John Wiley & Sons, Ltd.

show abstract

Hardware support for fast capability-based addressing

Cited by 26 publications

References 14 publications

The CHERI capability model: Revisiting RISC in an age of risk

The CHERI capability model: Revisiting RISC in an age of risk

Low-fat pointers

Single address space implementation in distributed systems

Contact Info

Product

Resources

About