
CHERI-D Inlines Object IDs for Fast Use-After-Free Prevention

CHERI-D stores object IDs inline with allocation data using unused fragmentation, cutting revocation overhead versus Cornucopia Reloaded while enabling strict use-after-free protection.

Tags: CHERI, CHERI-D, memory safety, temporal safety, computer architecture, Cornucopia Reloaded

CHERI-D targets the gap in CHERI's architecture that forces software workarounds for temporal memory safety, specifically the overhead of revocation that limits Cornucopia Reloaded to weaker use-after-reallocation (UAR) protections instead of full use-after-free (UAF) mitigation.

Why CHERI's Temporal Safety Gap Matters

CHERI gives hardware-enforced spatial safety through capabilities, but temporal safety - preventing use-after-free exploits - remains a software patch. Cornucopia Reloaded, the state of the art, delays reallocation and uses revocation to catch dangling pointers. That approach costs performance, and it only stops a dangling pointer from reaching a reallocated object (use-after-reallocation); it does not stop every access to freed memory (use-after-free). CHERI-D closes that gap by adding architectural support for object IDs directly tied to capabilities.

How CHERI-D Packs Object IDs Into Capability Slack

CHERI-D associates object identification (ID) metadata with each capability pointer. Because CHERI already enforces spatial safety, the object ID can be stored inline with the allocation data - specifically in unused fragmentation within the capability's bounds - without any separate protection mechanism for the ID itself. The capability becomes the carrier of temporal integrity, tying every access to the identity of the allocation it was originally derived from.
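The following is an added toy model, not code from the paper and not CHERI-D's actual encoding, that illustrates both points above: an object ID written into the allocator's rounding slack at the end of each chunk, a capability that carries the same ID, and an access check that compares the two. The chunk layout, the granule sizes, the reserved ID value 0 and all names (Heap, Capability, TemporalFault) are assumptions made for the illustration. It also shows why inline IDs allow strict use-after-free detection without delayed reallocation: the freed chunk is handed out again immediately, and the stale capability faults both before and after reuse.

```python
# Added illustration of inline object IDs for temporal safety.
# NOT CHERI-D's encoding or the paper's code: the slack layout, sizes,
# reserved ID 0 and the class/function names are assumptions.
from dataclasses import dataclass

CHUNK = 16     # allocator granule; rounding up to it creates the slack the ID reuses
ID_BYTES = 4   # width of the inline object ID


class BoundsFault(Exception):
    """Spatial violation: access outside the capability's usable length."""


class TemporalFault(Exception):
    """Temporal violation: the capability's object ID no longer matches memory."""


@dataclass(frozen=True)
class Capability:
    base: int        # start of the allocation in the memory model
    length: int      # usable bytes (the requested size)
    chunk_end: int   # end of the rounded-up chunk; the ID sits in its last ID_BYTES
    oid: int         # object ID carried by the capability itself


class Heap:
    def __init__(self, size: int = 4096) -> None:
        self.mem = bytearray(size)
        self.top = 0
        self.next_oid = 1          # 0 is reserved for "no live object here"
        self.free_chunks = []      # (base, chunk_end) pairs ready for immediate reuse

    def _stored_oid(self, cap: Capability) -> int:
        return int.from_bytes(self.mem[cap.chunk_end - ID_BYTES:cap.chunk_end], "little")

    def _set_oid(self, chunk_end: int, oid: int) -> None:
        self.mem[chunk_end - ID_BYTES:chunk_end] = oid.to_bytes(ID_BYTES, "little")

    def malloc(self, size: int) -> Capability:
        # Round up so the chunk always has room for the ID behind the usable bytes.
        chunk = -(-(size + ID_BYTES) // CHUNK) * CHUNK
        # Reuse a freed chunk of the same size at once: no quarantine, no revocation sweep.
        for i, (b, e) in enumerate(self.free_chunks):
            if e - b == chunk:
                base, end = self.free_chunks.pop(i)
                break
        else:
            base, end = self.top, self.top + chunk
            if end > len(self.mem):
                raise MemoryError("toy heap exhausted")
            self.top = end
        oid, self.next_oid = self.next_oid, self.next_oid + 1
        self._set_oid(end, oid)                  # fresh identity written into the slack
        return Capability(base, size, end, oid)

    def free(self, cap: Capability) -> None:
        self._check(cap, 0, 0)                   # a stale capability cannot free (double free faults)
        self._set_oid(cap.chunk_end, 0)          # retire the identity immediately
        self.free_chunks.append((cap.base, cap.chunk_end))

    def _check(self, cap: Capability, off: int, n: int) -> None:
        if off < 0 or off + n > cap.length:
            raise BoundsFault(f"offset {off}+{n} outside length {cap.length}")
        if self._stored_oid(cap) != cap.oid:
            raise TemporalFault(f"capability ID {cap.oid} != memory ID {self._stored_oid(cap)}")

    def load(self, cap: Capability, off: int, n: int = 1) -> bytes:
        self._check(cap, off, n)
        return bytes(self.mem[cap.base + off:cap.base + off + n])

    def store(self, cap: Capability, off: int, data: bytes) -> None:
        self._check(cap, off, len(data))
        self.mem[cap.base + off:cap.base + off + len(data)] = data


def _outcome(action) -> str:
    try:
        action()
        return "allowed"
    except TemporalFault:
        return "temporal fault"
    except BoundsFault:
        return "bounds fault"


def demo() -> dict:
    """Walk through the use-after-free and use-after-reallocation cases."""
    h = Heap()
    out = {}
    a = h.malloc(12)
    h.store(a, 0, b"hello")
    h.free(a)
    # 1. Access after free, before any reuse: the memory's ID is already retired.
    out["stale_before_reuse"] = _outcome(lambda: h.load(a, 0, 5))
    # 2. The same chunk is handed out again right away (no delayed reallocation).
    b = h.malloc(12)
    out["reused_same_address"] = b.base == a.base
    h.store(b, 0, b"world")
    # 3. Access and free through the stale capability still fault after reuse.
    out["stale_after_reuse"] = _outcome(lambda: h.load(a, 0, 5))
    out["double_free"] = _outcome(lambda: h.free(a))
    # 4. The live capability works, and spatial bounds remain enforced.
    out["live_load"] = h.load(b, 0, 5)
    out["oob_load"] = _outcome(lambda: h.load(b, 10, 4))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The design choice worth noticing is that `free` only rewrites four bytes of slack and the allocator never quarantines anything; the stale capability is caught by the ID comparison on its next use, whether or not the memory has been reallocated. In a software-only scheme the ID check itself would have to be protected, which is the "separate protection mechanism" the spatial guarantees of the capability make unnecessary.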

Simulation and Hardware Results Show Real Gains

The paper evaluates CHERI-D in simulation and actual hardware. Compared to Cornucopia Reloaded, CHERI-D significantly reduces revocation overhead while upgrading from use-after-reallocation to strict use-after-free protection. Exact numbers are paper-only, but the architectural change eliminates the delayed-reallocation overhead that made Cornucopia choose the weaker guarantee.

CHERI-D makes temporal memory safety a first-class hardware feature, not a software tax. Expect this design to influence future capability-based architectures aiming for full memory safety without the performance penalty of software revocation sweeps.


Source: CHERI-D: Secure and efficient inline object ID for CHERI temporal memory safety
Domain: arxiv.org
