Protecting the Stack with Metadata Policies and Tagged Hardware

Explore innovative stack protection techniques using metadata policies and tagged hardware in this IEEE Symposium on Security & Privacy conference talk. Dive into the design of novel metadata-tag based security policies for general-purpose tagged architectures, focusing on exploiting the natural locality of dynamic program call graphs. Learn about the Return Address Protection, Static Authorities, and Depth Isolation policies, their performance overheads, and effectiveness in enforcing memory safety and data-flow integrity. Examine a stack threat taxonomy and compare these new approaches with prior protection mechanisms. Gain insights into the challenges of tagging stack memory and the benefits of lazy tagging strategies.

Intro
Overview
The call stack
Stack example
Slack attacks
What if the stack was labeled?
Tagged architecture (the PUMP)
Checking a stack access
What else do we need?
Largest cost: tagging stack memory
What if we're lazy?
Laziness results
Summary