A technical paper titled “RV-CURE: A RISC-V Capability Architecture for Full Memory Safety” was published by researchers at Georgia Institute of Technology and Arm Research.
“Despite decades of efforts to resolve, memory safety violations are still persistent and problematic in modern systems. Various defense mechanisms have been proposed, but their deployment in real systems remains challenging because of performance, security, or compatibility concerns. In this paper, we propose RV-CURE, a RISC-V capability architecture that implements full-system support for full memory safety. For capability enforcement, we first propose a compiler technique, data-pointer tagging (DPT), applicable to protecting all memory types. It inserts a pointer tag in a pointer address and associates that tag with the pointer’s capability metadata. DPT enforces a capability check for every memory access by a tagged pointer and thereby prevents illegitimate memory accesses. Furthermore, we investigate and present lightweight hardware extensions for DPT based on the open-source RISC-V BOOM processor. We observe that a capability-execution pipeline can be implemented in parallel with the existing memory-execution pipeline without intrusive modifications. With our seamless hardware integration, we achieve low-cost capability checks transparently performed in hardware. Altogether, we prototype RV-CURE as a synthesized RTL processor and conduct full-system evaluations on FPGAs running Linux OS. Our evaluations show that RV-CURE achieves strong memory safety at a 10.8% slowdown across the SPEC 2017 C/C++ workloads.”
Find the technical paper here. Published August 2023.
Yonghae Kim, Anurag Kar, Jaewon Lee, Jaekyu Lee, and Hyesoon Kim. “RV-CURE: A RISC-V Capability Architecture for Full Memory Safety.” 2023. arXiv:2308.02945v1.
Related Reading
Power/Performance Costs Of Securing Systems
Security requires significant overhead, but it is no longer an option to ignore it. Cybercriminals will continue to exploit weak components.
How Secure Are RISC-V Chips?
Open source by itself doesn’t guarantee security. It still comes down to the fundamentals of design.
Leave a Reply