Making Our Computers More Secure

Sethumadhavan’s group noticed that most security issues occur within a computer’s memory, specifically pointers. Pointers are used for managing memory and can lead to memory corruption that can open up the system to hackers who hijack the program. Current techniques to mitigate memory attacks use up a lot of energy and can break software. These methods also greatly affect a system’s performance—cellphone batteries drain quickly, apps run slowly, and computers crash. 

The team set out to address these issues and created a security solution that protects memory without affecting a system’s performance. They call their novel memory security solution, ZeRØ: Zero-Overhead Resilient Operation Under Pointer Integrity Attacks (see ZeRO Overview VIDEO - https://www.youtube.com/watch?v=yoQ4HaQ0Bzc).

ZeRO features a set of memory instructions and a metadata encoding scheme that protects the code and data pointers of a system. This combination eliminates performance overhead—it will not affect the speed of a system. ZeRO requires minor changes to a system’s architecture and it can easily be added to modern processors. Especially critical is that, even when under attack, ZeRO can perform all these functions and avoid crashing a system. 

“ZeRO offers memory security at no cost and it is a perfect complement to systems that mitigate memory attacks,” said Mohamed Tarek, a fourth-year PhD student and co-lead author of the studies. “The keys to widespread adoption of security techniques are low-performance overhead and convenience.”

The second paper that Sethumadhavan’s team will present, No-FAT: Architectural Support for Low Overhead Memory Safety Checks, is a system that makes security checks faster with only a small—8%—effect on the computer’s performance which is 10x faster than current software technique for detecting memory errors. The name is an allusion to no-fat milk, which, as the ads say, “has all the goodness of milk with fewer calories.” 

No-FAT speeds up fuzz testing, a type of automated software testing method, and it is very easy for developers to add it when building a system. The technique builds on a recent trend in software towards binning memory allocators, which uses buckets of different sizes to store memory until it is needed by the software. The researchers found that when binning memory allocation is used by the software, it is possible to achieve memory security with little impact on performance and is compatible with existing software.  

Both ZeRO and No-Fat are targeted at beefing up memory systems to be more resilient against attacks while having little to no effect on a computer system’s speed or power consumption. The bonus is that with both systems, programmers need to do little to nothing to harden their programs. These ideas could transform how memory safety features are currently supported in processors. 

“No-FAT & ZeRO are two major steps toward putting an end to a long-standing problem,” said Miguel Arroyo PhD ’21, who was a co-lead author of the papers. “Memory safety attacks cost the cyber community millions of dollars. Now we can avoid that and keep everyone’s data safe—it’s a win-win!”