Maintaining the security of your computer allows you to avoid malware and direct hacking attempts aimed at stealing your personal information. Your internet privacy is dependent on your ability to control the amount of personal information you provide as well as who has access to that information. Researchers recently presented articles on memory safety, which improves the security of computer systems. This new research, which has little to no effect on system performance, is already being used to develop a processor.
Because businesses and governments rely on computers and the internet to run everything from the electric grid to healthcare and water systems, computer security is critical to all of us. It is being breached more frequently: Several securities breaches have occurred in the last month, including the Colonial Pipeline security breach and the JBS Foods ransomware attacks, in which hackers took control of the organization’s computer systems and demanded payment to unlock and return them to the owners. The White House is urging businesses to take ransomware threats seriously and to update their systems to protect themselves. Nonetheless, these attacks continue to pose a daily threat to all of us.
Columbia Engineering computer security experts recently presented two major papers that make computer systems more secure at the International Symposium on Computer Architecture (ISCA), the premier forum for new ideas and research results in computer architecture. This new research, which has little to no effect on system performance, is already being used to develop a processor for the Air Force Research Lab.
Researchers recently presented articles on memory safety that make computer systems more secure. This new research, which has zero to little effect on system performance, is already being used to create a processor.
“For nearly 40 years, memory safety has been a problem, and numerous solutions have been proposed. We believe that memory safety remains a problem because the burden is not distributed fairly among software engineers and end-users “Simha Sethumadhavan, an associate professor of computer science whose research focuses on how computer architecture can be used to improve computer security, agreed. “We believe we have found the right balance of burdens with these two papers.”
Computer security has long been a concern, with many proposed systems working in research settings but not in real-world scenarios. Sethumadhavan believes that the best way to secure a system is, to begin with, the hardware and then move on to the software. The fact that he has significant grants from both the Office of Naval Research and the United States Air Force underscores the importance of his research, and his Ph.D. students have received a Qualcomm Innovation Fellowship to develop practical security solutions.
Sethumadhavan’s team discovered that the majority of security flaws occur in a computer’s memory, specifically pointers. Pointers are used to manage memory and can cause memory corruption, opening the system up to hackers who can hijack the program. Current techniques for mitigating memory attacks consume a lot of energy and can cause software to fail. These methods also have a significant impact on system performance, causing cellphone batteries to drain quickly, apps to run slowly, and computers to crash.
The team set out to address these issues by developing a security solution that protects memory while not interfering with system performance. ZeR stands for Zero-Overhead Resilient Operation Under Pointer Integrity Attacks, and it is the name given to their novel memory security solution.
ZeRO includes a set of memory instructions as well as a metadata encoding scheme that protects a system’s code and data pointers. This combination eliminates performance overhead and has no effect on system speed. ZeRO requires only minor changes to a system’s architecture and can be easily incorporated into modern processors. Even when under attack, ZeRO can perform all of these functions while avoiding system failure.
“Zero provides memory security at no cost and is an ideal complement to systems that mitigate memory attacks,” said Mohamed Tarek, a fourth-year PhD student and co-lead author on the studies. “Low performance overhead and convenience are the keys to widespread adoption of security techniques.”
The second paper, No-FAT: Architectural Support for Low Overhead Memory Safety Checks, will be presented by Sethumadhavan’s team. It is a system that makes security checks faster with only a small 8% effect on computer performance, and it is 10x faster than the current software technique for detecting memory errors. The name is a play on no-fat milk, which, according to the advertisements, “has all the goodness of milk with fewer calories.”
Fuzz testing, a type of automated software testing method, is sped up by No-FAT, and developers can easily incorporate it when building a system. The technique builds on a recent software trend toward binning memory allocators, which use buckets of varying sizes to store memory until it is needed by the software. The researchers discovered that when binning memory allocation is used by software, memory security can be achieved with little impact on performance and is compatible with existing software.
Both ZeRO and No-Fat are aimed at strengthening memory systems in order to make them more resilient to attacks while having little to no effect on a computer system’s speed or power consumption. The advantage of both systems is that programmers need to do very little to harden their programs. These concepts have the potential to change the way memory safety features are currently supported in processors.