research-article

Intel MPX Explained: A Cross-layer Analysis of the Intel MPX System Stack

Published: 13 June 2018
Abstract

Memory-safety violations are the primary cause of security and reliability issues in software systems written in unsafe languages. Given the limited adoption of decades of research on software-based memory safety approaches, Intel released Memory Protection Extensions (MPX), a hardware-assisted technique to achieve memory safety, as an alternative. In this work, we perform an exhaustive study of the Intel MPX architecture along three dimensions: (a) performance overheads, (b) security guarantees, and (c) usability issues. We present the first detailed root cause analysis of problems in the Intel MPX architecture through a cross-layer dissection of the entire system stack, involving the hardware, operating system, compilers, and applications. To put our findings into perspective, we also present an in-depth comparison of Intel MPX with three prominent types of software-based memory safety approaches. Lastly, based on our investigation, we propose directions for potential changes to the Intel MPX architecture to aid the design space exploration of future hardware extensions for memory safety.

Published in

Proceedings of the ACM on Measurement and Analysis of Computing Systems, Volume 2, Issue 2
June 2018
370 pages
EISSN: 2476-1249
DOI: 10.1145/3232754

Copyright © 2018 ACM

Publisher

Association for Computing Machinery, New York, NY, United States
