Summary: RV-CURE: A RISC-V Capability Architecture for Full Memory Safety (arxiv.org)
One Line
RV-CURE is a RISC-V capability architecture that ensures memory safety and protection for all memory types through data-pointer tagging in computer systems.
Key Points
- RV-CURE is a RISC-V capability architecture that aims to achieve full memory safety in computer systems.
- The architecture uses a compiler technique called data-pointer tagging (DPT) to protect all memory types.
- Upon object deallocation, DPT eliminates the metadata from the capability metadata table (CMT) and allows tagged pointers to remain tagged.
- RV-CURE uses tagged pointers and capability metadata to provide full memory safety.
- The architecture includes instructions such as xtag, cstr, and cclr to manipulate tagged pointers and store capability metadata in a capability metadata table (CMT).
- The RV-CURE architecture implements a capability-execution pipeline to validate potentially unsafe memory accesses.
- Modifications to the RTL synthesis task have a negligible impact on performance.
- Related approaches such as the CHERI capability model, Hardbound, Watchdog, and Intel Memory Protection Extensions also enforce memory safety through metadata and bounds checking.
Summaries
23 word summary
RV-CURE is a RISC-V capability architecture that uses data-pointer tagging to protect all memory types and achieve full memory safety in computer systems.
37 word summary
RV-CURE is a RISC-V capability architecture that aims to achieve full memory safety in computer systems. The architecture proposes a compiler technique called data-pointer tagging (DPT) to protect all memory types, including stack, heap, and global memory.
541 word summary
RV-CURE is a RISC-V capability architecture that aims to achieve full memory safety in computer systems. The architecture proposes a compiler technique called data-pointer tagging (DPT) to protect all memory types, including stack, heap, and global memory.
DPT is a new approach for memory safety that, upon object deallocation, eliminates metadata from the CMT and allows tagged pointers to remain tagged. This approach can be applied to all memory types and does not require non-trivial memory sweep operations. To achieve
Memory safety issues in software are different from hardware-oriented attacks such as out-of-order execution attacks. Mitigations for these two types of attacks are typically separate, although memory safety defenses can be used for resiliency against speculative attacks. However, recent
This text excerpt discusses the RV-CURE architecture, which is a RISC-V capability architecture that provides full memory safety. The architecture uses a pointer-tagging approach to maintain compatibility with conventional programming models, allowing instrumented programs to run with unmodified legacy
The RV-CURE architecture uses tagged pointers and capability metadata to provide full memory safety. The architecture includes instructions such as xtag, cstr, and cclr to manipulate tagged pointers and store capability metadata in a capability metadata table (CMT). To
RV-CURE is a RISC-V capability architecture that ensures memory safety by enforcing strict capability checks in hardware. It uses tagged pointers to protect memory objects. The capability metadata are released before the current function returns, and they are stored right after dynamic memory
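A simplified software model of the tagged-pointer lifecycle described above, added here as an illustration; it is not code from the paper or the RV-CURE project. The 16-bit tag in the upper pointer bits, the tag-indexed table, the caller-chosen tag value and the exact check are assumptions; only the names xtag, cstr, cclr and CMT come from the summary.

```c
#include <stdint.h>
#include <stdio.h>

#define TAG_SHIFT 48                        /* assumption: tag lives in the upper 16 pointer bits */
#define ADDR_MASK ((1ULL << TAG_SHIFT) - 1)

typedef struct { uint64_t base, size; int valid; } cmt_entry;
static cmt_entry cmt[1 << 16];              /* stand-in for the CMT, indexed by tag (assumption) */

/* xtag (modelled): put a tag into the unused upper bits of a data pointer. */
static uint64_t xtag(uint64_t addr, uint16_t tag) {
    return (addr & ADDR_MASK) | ((uint64_t)tag << TAG_SHIFT);
}

/* cstr (modelled): store the object's bounds in the CMT under the pointer's tag. */
static void cstr(uint64_t p, uint64_t size) {
    cmt_entry *e = &cmt[p >> TAG_SHIFT];
    e->base = p & ADDR_MASK;
    e->size = size;
    e->valid = 1;
}

/* cclr (modelled): release the metadata; the pointer value keeps its tag. */
static void cclr(uint64_t p) { cmt[p >> TAG_SHIFT].valid = 0; }

/* Capability check for an access of len bytes through p: 1 = allowed, 0 = fault. */
static int check_access(uint64_t p, uint64_t len) {
    uint64_t tag = p >> TAG_SHIFT, addr = p & ADDR_MASK;
    if (tag == 0) return 1;                 /* untagged pointer: unchecked in this model */
    const cmt_entry *e = &cmt[tag];
    if (!e->valid) return 0;                /* metadata released: dangling pointer */
    if (addr < e->base || len > e->size) return 0;
    return addr - e->base <= e->size - len; /* whole access must fit inside the object */
}

int main(void) {
    uint64_t p = xtag(0x10000, 0x2a);       /* constructed address and tag, never dereferenced */
    cstr(p, 16);                            /* object of 16 bytes */
    printf("in bounds:   %d\n", check_access(p + 8, 8));
    printf("overflow:    %d\n", check_access(p + 12, 8));
    cclr(p);                                /* object deallocated */
    printf("after clear: %d\n", check_access(p, 1));
    return 0;
}
```

Because the tag survives pointer arithmetic and deallocation, both the out-of-bounds access and the use after cclr are rejected by the same table lookup.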
In the RV-CURE architecture, a capability-execution pipeline is implemented to validate potentially unsafe memory accesses. The pipeline includes shadow load and store queues (SLQ and SSQ), arbitration and comparison logic, and capability load requests. The SLQ and SSQ verify memory accesses
The authors of the document confirm that their modifications have a negligible impact on the RTL synthesis task. They prioritize regular memory requests over capability requests to minimize performance impact. They also introduce on-chip buffers to reduce capability requests. They introduce a capability cache (
To enable the RV-CURE capability architecture, a custom system call called -dpt-set() is added to interface with control and status registers (CSRs) at program entry. Additional CSRs are included for debugging and runtime statistics. Out-of-order
In the document "RV-CURE A RISC-V Capability Architecture for Full Memory Safety," the authors discuss their implementation of a RISC-V capability architecture called RV-CURE. They evaluate the performance and effectiveness of different configurations of RV-CURE, including
This excerpt discusses different approaches to implementing memory safety in computer systems. The CHERI capability model, Hardbound, Watchdog, and Intel Memory Protection Extensions are all examples of systems that use various techniques to enforce memory safety through metadata and bounds checking.
RV-CURE is a RISC-V capability architecture that provides full memory safety. The proposed architecture includes a generalized data-pointer tagging method called DPT for capability enforcement. To optimize performance, lightweight hardware extensions for DPT based on the RISC-V BO
Rhett Davis et al. introduced FreePDK, an open-source variation-aware design kit, in 2007. Laszlo Szekeres et al. discussed the eternal war in memory in 2013. In 2018, Jo
This text excerpt includes a list of references to various research papers and resources related to memory safety, cache side-channel attacks, and vulnerability mitigation. The references cover topics such as hardware-based memory management, dynamic taint analysis, cache attacks, and counterme