M4Secure: Making Memory Management More Secure
Lead Research Organisation:
University of Glasgow
Department Name: School of Computing Science
Abstract
Memory management is an essential feature of computing software. During execution time, a program will frequently call a memory allocator library to request space on the computer memory to store data. Unfortunately, memory management systems are vulnerable. According to recent studies from Microsoft and Google, memory bugs account for 70% of critical software vulnerabilities, which can crash our important IT infrastructures and leak confidential and personal data. Such problems are frequently caused by (mis)management of dynamically allocated memory. At the same time, memory allocation is also significant for performance. A large proportion of program execution time is devoted to memory management routines.
The hardware industry responds to severe memory vulnerabilities by adding secure extensions to mainstream processor families. These new hardware facilities provide fundamental mechanisms for more secure memory allocators. Still, their full benefits are yet to be seen due to the massive developer effort required to write or optimise a memory management codebase and the further effort to re-target the code to new architectures. For example, the state-of-the-art snmalloc secure memory allocator comprises 25,000 lines of code painstakingly developed by leading industrial practitioners over four years. Yet, it only supports a small set of hardware security features.
A crisis is looming - without a solution, either hardware innovation in security mechanisms will stall as software cannot fit, or we will have to continue to suffer from frequent security issues due to memory bugs. Such a crisis requires us to fundamentally rethink how we implement memory management libraries.
This project will develop an entirely new way to build memory allocators. It aims to massively reduce human involvement in developing and optimising memory management libraries to target a diverse range of hardware architectures. Our approach involves specifying the required memory management attributes and then synthesising performant memory management code to satisfy these specifications. Our approach ensures such code is correct by construction by using model-checking techniques to verify the generated code match the expected behaviour and enhanced security requirements. Further, we will support a range of processor backends featuring recently proposed novel secure extensions for hardware architectures.
Our work is enabled by the recent advance in deep learning for code generation and formal methods for modelling large-scale software systems. The recent breakthrough of ML in generating new and better matrix multiplication implementation and its demonstrated effectiveness in game playing, natural language processing and autonomous systems gives us the confidence that it is now possible to generate correct and performant memory management libraries. If AI can learn to drive a car, it must be able to reason about carefully designed security properties and primitives to generate memory allocator code.
This ambitious project, if successful, will have a transformative impact on how we design memory management libraries. Our software prototype will be open-sourced and be applied to real-life applications. Given the accelerated and disrupted changes in hardware security design and the massive mismatch between software and hardware, success in this project will be of interest to companies that provide hardware IP and software development tools, two areas in which the UK is world-leading. It will also help reduce the number of memory-related bugs and improve application performance so that the general public can benefit from more secure and efficient computer systems.
We believe we have the team, partners and work plan to achieve the ambitious goal. We are ideally placed to carry out the proposed research, possessing key skills in the primary research areas of memory management, formal verification and ML-based code synthesis and optimisation.
The hardware industry responds to severe memory vulnerabilities by adding secure extensions to mainstream processor families. These new hardware facilities provide fundamental mechanisms for more secure memory allocators. Still, their full benefits are yet to be seen due to the massive developer effort required to write or optimise a memory management codebase and the further effort to re-target the code to new architectures. For example, the state-of-the-art snmalloc secure memory allocator comprises 25,000 lines of code painstakingly developed by leading industrial practitioners over four years. Yet, it only supports a small set of hardware security features.
A crisis is looming - without a solution, either hardware innovation in security mechanisms will stall as software cannot fit, or we will have to continue to suffer from frequent security issues due to memory bugs. Such a crisis requires us to fundamentally rethink how we implement memory management libraries.
This project will develop an entirely new way to build memory allocators. It aims to massively reduce human involvement in developing and optimising memory management libraries to target a diverse range of hardware architectures. Our approach involves specifying the required memory management attributes and then synthesising performant memory management code to satisfy these specifications. Our approach ensures such code is correct by construction by using model-checking techniques to verify the generated code match the expected behaviour and enhanced security requirements. Further, we will support a range of processor backends featuring recently proposed novel secure extensions for hardware architectures.
Our work is enabled by the recent advance in deep learning for code generation and formal methods for modelling large-scale software systems. The recent breakthrough of ML in generating new and better matrix multiplication implementation and its demonstrated effectiveness in game playing, natural language processing and autonomous systems gives us the confidence that it is now possible to generate correct and performant memory management libraries. If AI can learn to drive a car, it must be able to reason about carefully designed security properties and primitives to generate memory allocator code.
This ambitious project, if successful, will have a transformative impact on how we design memory management libraries. Our software prototype will be open-sourced and be applied to real-life applications. Given the accelerated and disrupted changes in hardware security design and the massive mismatch between software and hardware, success in this project will be of interest to companies that provide hardware IP and software development tools, two areas in which the UK is world-leading. It will also help reduce the number of memory-related bugs and improve application performance so that the general public can benefit from more secure and efficient computer systems.
We believe we have the team, partners and work plan to achieve the ambitious goal. We are ideally placed to carry out the proposed research, possessing key skills in the primary research areas of memory management, formal verification and ML-based code synthesis and optimisation.
| Description | Scotland-Asia Partnerships Higher education Research (SAPHIRE) Fund |
| Amount | £5,500 (GBP) |
| Organisation | Royal Society of Edinburgh (RSE) |
| Sector | Charity/Non Profit |
| Country | United Kingdom |
| Start | 03/2024 |
| End | 06/2024 |
| Title | glasgowPLI/micropython: CC 2025 Artifact Evaluation |
| Description | This release of our CHERIoT MicroPython software is intended for artifact evaluation for the CC 2025 conference. It contains the full set of performance results from our paper, evaluated across 10 Python benchmarks on the Sonata system, comparing both CHERI and non-CHERI builds of MicroPython. In the accompanying evaluation.zip file (https://github.com/glasgowPLI/micropython/releases/download/cheriot-cc-2025-eval/evaluation.zip) (a binary asset in our github release), there are full instructions regarding artifact evaluation in the README.md file. |
| Type Of Technology | Software |
| Year Produced | 2025 |
| Impact | 3x ACM artifact reproducibility badges awarded. |
| URL | https://zenodo.org/doi/10.5281/zenodo.14685666 |
| Title | glasgowPLI/micropython: CC 2025 Artifact Evaluation |
| Description | This release of our CHERIoT MicroPython software is intended for artifact evaluation for the CC 2025 conference. It contains the full set of performance results from our paper, evaluated across 10 Python benchmarks on the Sonata system, comparing both CHERI and non-CHERI builds of MicroPython. In the accompanying evaluation.zip file (https://github.com/glasgowPLI/micropython/releases/download/cheriot-cc-2025-eval/evaluation.zip) (a binary asset in our github release), there are full instructions regarding artifact evaluation in the README.md file. |
| Type Of Technology | Software |
| Year Produced | 2025 |
| Open Source License? | Yes |
| URL | https://zenodo.org/doi/10.5281/zenodo.14685665 |
| Description | CHERI workshop (Australia) |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | 30 technical experts attended a briefing session on CHERI technology, to learn about how to apply it to legacy C/C++ systems code. |
| Year(s) Of Engagement Activity | 2024 |
| URL | https://comp.anu.edu.au/foundations/seminars/past/2024-05-17/ |
| Description | CHERI workshop (Singapore) |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | 50 software engineers from university and industry attended a briefing session on CHERI technology. |
| Year(s) Of Engagement Activity | 2024 |
| Description | DSbD showcase event |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | We demonstrated secure CHERI runtime technologies in a booth at the DSbD showcase event in London. |
| Year(s) Of Engagement Activity | 2024 |
| URL | https://www.dsbd.tech/event/uks-digital-security-by-design-showcase-2025/ |
| Description | FutureScot Cyber Security Show |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | Around 200 people attended the FutureScot Cyber Security show in Glasgow, 27 Feb 2024. We had a stall demonstrating CHERI hardware and capability-enabled software - which provoked lots of conversations, raising awareness about memory-safe technologies. We also had a Q+A time in the plenary session with more than 200 participants. |
| Year(s) Of Engagement Activity | 2024 |
| URL | https://futurescot.com/futurescot-conferences/cyber-security-2024/ |
| Description | POCL talk |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Talk at the Principles of Capability Languages workshop, outlining how sealed capabilities are used. |
| Year(s) Of Engagement Activity | 2024 |
| URL | https://popl24.sigplan.org/details/pocl-2024-papers/7/Sealed-with-a-Library-Call-Memory-Allocators-S... |
| Description | SICSA PhD summer school |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Postgraduate students |
| Results and Impact | 30 PhD students attended an interactive workshop on CHERI technologies as part of a cybersecurity summer school. |
| Year(s) Of Engagement Activity | 2024 |
| URL | https://sicsa.ac.uk/event/2024-sicsa-phd-conference/ |
| Description | Strathclyde Cybersecurity summer school |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Postgraduate students |
| Results and Impact | 50 computing students learned about CHERI technologies in a hands-on workshop. |
| Year(s) Of Engagement Activity | 2024 |
| URL | https://www.strath.ac.uk/science/computerinformationsciences/strathcyber/cybercrimesummerschool/ |
| Description | Talk about CHERI allocators and ChatGPT |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | Presentation about using ChatGPT and LLMs to synthesize code for systems software including memory allocators. |
| Year(s) Of Engagement Activity | 2023 |
| URL | https://www.youtube.com/watch?v=CGE905k-ils |
| Description | VeTSS Summer School session on CHERI |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Postgraduate students |
| Results and Impact | 60 students learned about CHERI technologies in an interactive workshop. |
| Year(s) Of Engagement Activity | 2024 |
| URL | https://wp.doc.ic.ac.uk/vss24/programme/ |