Archipelago: Trading Address Space for Reliability and Security

Free registration required

Executive Summary

Memory errors are a notorious source of security vulnerabilities that can lead to service interruptions, information leakage and unauthorized access. Because such errors are also difficult to debug, the absence of timely patches can leave users vulnerable to attack for long periods of time. A variety of approaches have been introduced to combat these errors, but these often incur large runtime overheads and generally abort on errors, threatening availability. This paper presents Archipelago, a runtime system that takes advantage of available address space to substantially reduce the likelihood that a memory error will impact program execution. Archipelago randomly allocates heap objects far apart in virtual address space, effectively isolating each object from buffer overflows.

  • Format: PDF
  • Size: 404.1 KB