Practical Byte-Granular Memory Blacklisting using Califorms

Califorms provides a low-overhead security solution for practical, byte-granular memory safety.

Providing overflow protection is important for many applications. OSes can track allocated memory pages through page tables, so that access to uninitialized pages will result in a page fault. But we need more fine-grained memory safety.

Maintaining expensive metadata to track invalid memory greatly reduces performance and is therefore unacceptable.

SafeMem uses ECC bits to mark memory regions invalid, thus trading off reliability for security. However, it does not support byte-granular memory blacklisting.

Spare ECC bits

Califorms also employs ECC bits to indicate whether a cache line (data block) is all valid or partially valid. If a cache line contains dead bytes, its format is different, and that information is encoded into a special header in the L2 cache. The format conversion between L1 and L2 is transparent and accelerated by hardware.

Califorms

Bitvector

In L1, the bitvector is used to indicate whether each byte is a security byte.

Bitvector
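The L1 bitvector check described above, as a small software model. This is an added example, not code from the paper or from this page. The 64-byte line size, all type and function names, and the rule that any access touching a security byte counts as a violation are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LINE_BYTES 64u /* assumption: 64-byte cache line, one bit per byte */

/* Model of an L1 line: data plus a per-byte security bitvector. */
typedef struct {
    uint8_t  data[LINE_BYTES];
    uint64_t sec; /* bit i set => byte i is a security (blacklisted) byte */
} l1_line;

/* Mask covering bytes [off, off+len); 0 if empty or outside the line. */
static uint64_t range_mask(size_t off, size_t len) {
    if (len == 0 || off >= LINE_BYTES || len > LINE_BYTES - off) return 0;
    uint64_t m = (len == LINE_BYTES) ? ~0ULL : ((1ULL << len) - 1);
    return m << off;
}

/* Blacklist bytes [off, off+len); false if the range does not fit. */
bool mark_security(l1_line *l, size_t off, size_t len) {
    uint64_t m = range_mask(off, len);
    if (m) l->sec |= m;
    return m != 0;
}

/* The per-line summary a spare ECC bit would carry. */
bool line_has_security_bytes(const l1_line *l) { return l->sec != 0; }

/* Access check: allowed only if no byte in the range is a security byte. */
bool access_ok(const l1_line *l, size_t off, size_t len) {
    uint64_t m = range_mask(off, len);
    return m != 0 && (l->sec & m) == 0;
}

/* Byte-wise checked store; returns bytes written before a violation. */
size_t checked_copy(l1_line *l, size_t off, const uint8_t *src, size_t n) {
    size_t i = 0;
    while (i < n && access_ok(l, off + i, 1)) { l->data[off + i] = src[i]; i++; }
    return i;
}

int main(void) {
    /* Constructed layout: 16-byte buffer, 2 security bytes, pointer at 24. */
    l1_line l = {0};
    uint8_t src[24] = {0};
    mark_security(&l, 16, 2);
    printf("24-byte write stopped after %zu bytes\n", checked_copy(&l, 0, src, 24));
    return 0;
}
```

In the constructed layout, a linear overflow of the 16-byte buffer reaches the security bytes at offsets 16 and 17 before it can reach the field at offset 24.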