"Columbia Engineering Researchers Design New Techniques to Bolster Memory Safety"
Columbia Engineering researchers recently presented two major papers at the International Symposium on Computer Architecture (ISCA) that improve the security of computer systems. These new studies have zero to little effect on system performance and are already being used to create a processor for the Air Force Research Lab. Simha Sethumadhavan, associate professor of computer science, said memory safety, which has been a problem for nearly 40 years, continues to be a problem because its burden is not distributed fairly among software engineers and end-users. The two papers are believed to have found the right balance of burdens. Sethumadhavan's team found that most security issues take place within a computer's memory, specifically pointers. Pointers are used in the management of memory, and they can lead to memory corruption, which leaves the system vulnerable to hackers who hijack the program. Current mitigation methods for memory attacks consume a lot of energy and can break software. These methods also significantly impact system performance (e.g., cellphone batteries drain quickly, apps run slowly, and computers crash). The group created a novel memory security solution called ZeRO that features a set of memory instructions and a metadata encoding scheme, protecting a system's code and data pointers. This combination is said to eliminate performance overhead as it does not affect the speed of a system. The team's second paper presents a system called No-FAT that increases the speed at which security checks are performed without greatly affecting the computer's performance. According to the researchers, No-FAT speeds up fuzz testing and is easy for developers to add when building a system. Both ZeRO and No-FAT aim to make memory systems more resilient against attacks while having little to no impact on computer speed or power consumption. This article continues to discuss why memory safety has remained an issue for so long and the solutions developed by Columbia Engineering researchers to strengthen memory safety.