Memory vulnerabilities are a major threat to software integrity, with projects like Android reporting that (as of 2018) more than 90% of the reported vulnerabilities were caused by memory violations.
An important cause of the increasing amount of memory violations is the software bloat that a minimal application usually runs on top of. A good way to reduce the software bloat in the case of a single application is to use a unikernel, a specialized operating system, which contains only the minimal required components of the usual monolithic OS.
To address the memory safety issues and detect memory violations at runtime, we provide a security enhancement in Unikraft, a unikernel SDK, by adding support for Memory Tagging Extension(MTE) in Musl, the default libc used by Unikraft.
In this talk, we detail the steps of adding MTE support in Musl. The process includes adapting the allocation/deallocation functions to use memory areas tagging, testing different applications with MTE enabled to discover potential memory violations, and evaluating the performance impact created by the continuous tag checking.
We will demo MTE with Musl and Unikraft in popular apps such as Nginx, Redis and a simple Python application.