Picking a CHERI Allocator: Security and Performance Considerations

Jacob Bramley; Dejice Jacob; Andrei Lascu; Jeremy Singer; Laurence Tratt

doi:10.1145/3591195.3595278

Picking a CHERI Allocator: Security and Performance Considerations

Jacob Bramley, Dejice Jacob, Andrei Lascu, Jeremy Singer, Laurence Tratt

Research output: Contribution to journal › Conference paper › peer-review

7 Citations (Scopus)

Abstract

Several open-source memory allocators have been ported to CHERI, a hardware capability platform. In this paper we examine the security and performance of these allocators when run under CheriBSD on Arm's prototype Morello platform. We introduce a number of security attacks and show that all but one allocator are vulnerable to some of the attacks - - including the default CheriBSD allocator. We then show that while some forms of allocator performance are meaningful, comparing the performance of hybrid and pure capability (i.e. "running in non-CHERI vs. running in CHERI modes") allocators does not currently appear to be meaningful. Although we do not fully understand the reasons for this, it seems to be at least as much due to factors such as immature compiler toolchains and prototype hardware as it is due to the effects of capabilities on performance.

Original language	English
Pages (from-to)	111-123
Number of pages	13
Journal	International Symposium on Memory Management, ISMM
DOIs	https://doi.org/10.1145/3591195.3595278
Publication status	Published - 6 Jun 2023
Event	2023 ACM SIGPLAN International Symposium on Memory Management, ISMM 2023 - Orlando, United States Duration: 18 Jun 2023 → 18 Jun 2023

Keywords

capabilities
CHERI
memory allocators
software implementation
validation

Access to Document

10.1145/3591195.3595278

Cite this

@article{4dc9fad908ba466a9f5a5ad061a27642,

title = "Picking a CHERI Allocator: Security and Performance Considerations",

abstract = "Several open-source memory allocators have been ported to CHERI, a hardware capability platform. In this paper we examine the security and performance of these allocators when run under CheriBSD on Arm's prototype Morello platform. We introduce a number of security attacks and show that all but one allocator are vulnerable to some of the attacks - - including the default CheriBSD allocator. We then show that while some forms of allocator performance are meaningful, comparing the performance of hybrid and pure capability (i.e. {"}running in non-CHERI vs. running in CHERI modes{"}) allocators does not currently appear to be meaningful. Although we do not fully understand the reasons for this, it seems to be at least as much due to factors such as immature compiler toolchains and prototype hardware as it is due to the effects of capabilities on performance.",

keywords = "capabilities, CHERI, memory allocators, software implementation, validation",

author = "Jacob Bramley and Dejice Jacob and Andrei Lascu and Jeremy Singer and Laurence Tratt",

note = "Funding Information: We thank Ruben Ayrapetyan, David Chisnall, Jessica Clarke, and Richard Grisenthwaite for comments. This work was funded by the Digital Security by Design (DSbD) Programme delivered by UKRI (grants EP/V000349/1 and EP/V000373/1). Publisher Copyright: {\textcopyright} 2023 ACM.; 2023 ACM SIGPLAN International Symposium on Memory Management, ISMM 2023 ; Conference date: 18-06-2023 Through 18-06-2023",

year = "2023",

month = jun,

day = "6",

doi = "10.1145/3591195.3595278",

language = "English",

pages = "111--123",

journal = "International Symposium on Memory Management, ISMM",

}

TY - JOUR

T1 - Picking a CHERI Allocator

T2 - 2023 ACM SIGPLAN International Symposium on Memory Management, ISMM 2023

AU - Bramley, Jacob

AU - Jacob, Dejice

AU - Lascu, Andrei

AU - Singer, Jeremy

AU - Tratt, Laurence

N1 - Funding Information: We thank Ruben Ayrapetyan, David Chisnall, Jessica Clarke, and Richard Grisenthwaite for comments. This work was funded by the Digital Security by Design (DSbD) Programme delivered by UKRI (grants EP/V000349/1 and EP/V000373/1). Publisher Copyright: © 2023 ACM.

PY - 2023/6/6

Y1 - 2023/6/6

N2 - Several open-source memory allocators have been ported to CHERI, a hardware capability platform. In this paper we examine the security and performance of these allocators when run under CheriBSD on Arm's prototype Morello platform. We introduce a number of security attacks and show that all but one allocator are vulnerable to some of the attacks - - including the default CheriBSD allocator. We then show that while some forms of allocator performance are meaningful, comparing the performance of hybrid and pure capability (i.e. "running in non-CHERI vs. running in CHERI modes") allocators does not currently appear to be meaningful. Although we do not fully understand the reasons for this, it seems to be at least as much due to factors such as immature compiler toolchains and prototype hardware as it is due to the effects of capabilities on performance.

AB - Several open-source memory allocators have been ported to CHERI, a hardware capability platform. In this paper we examine the security and performance of these allocators when run under CheriBSD on Arm's prototype Morello platform. We introduce a number of security attacks and show that all but one allocator are vulnerable to some of the attacks - - including the default CheriBSD allocator. We then show that while some forms of allocator performance are meaningful, comparing the performance of hybrid and pure capability (i.e. "running in non-CHERI vs. running in CHERI modes") allocators does not currently appear to be meaningful. Although we do not fully understand the reasons for this, it seems to be at least as much due to factors such as immature compiler toolchains and prototype hardware as it is due to the effects of capabilities on performance.

KW - capabilities

KW - CHERI

KW - memory allocators

KW - software implementation

KW - validation

UR - http://www.scopus.com/inward/record.url?scp=85163583619&partnerID=8YFLogxK

U2 - 10.1145/3591195.3595278

DO - 10.1145/3591195.3595278

M3 - Conference paper

AN - SCOPUS:85163583619

SP - 111

EP - 123

JO - International Symposium on Memory Management, ISMM

JF - International Symposium on Memory Management, ISMM

Y2 - 18 June 2023 through 18 June 2023

ER -

Picking a CHERI Allocator: Security and Performance Considerations

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this