| 摘要: |
| 内存安全问题长期构成计算机系统的核心安全隐患。尽管软件层面的防御与检测技术不断演进,但始终面临性能开销高、
覆盖范围有限及兼容性差的“三难困境”。随着处理器架构的持续发展,主流商用处理器(如 x86、Arm 和 RISC-V)相继引
入了多种内存安全扩展原语。相较于全新的实验性架构,这些商用硬件原语已在现有软硬件生态中广泛部署,技术成熟度较高,
为在现实系统中快速构建高效的安全防护机制提供了可行基础。
本文对基于商用内存安全硬件的安全应用技术进行了系统而全面的综述。首先,阐述了内存安全漏洞的成因及其典型攻击
模型;其次,对现有商用内存安全硬件机制进行了深入分析,并从完整性保护、机密性隔离与漏洞检测三个维度对相关硬件原
语进行了分类。在应用层面,围绕内存完整性、内存机密性与漏洞检测三类安全目标,系统梳理了基于商用硬件原语构建的防
御与分析方案,涵盖空间与时间安全、控制流完整性以及数据流完整性等关键问题。进一步地,本文从安全覆盖范围、性能开
销、兼容性与部署复杂度等方面,对不同机制进行了横向对比分析,揭示了各类方案在实际系统中的适用场景与局限性。最后,
结合处理器体系结构与操作系统的发展趋势,讨论了商用内存安全硬件机制面临的关键挑战,并对未来软硬件协同设计的内存
安全防御方向进行了展望。 |
| 关键词: 内存安全,漏洞防御,硬件安全,系统安全 |
| DOI: |
| 投稿时间:2026-01-22修订日期:2026-04-30 |
| 基金项目:中国科学院重点资助项目 |
|
| A Survey of Applications of Commercial Hardware-Based Memory Security Defense Mechanisms |
|
ouyangciyan, lipeinan, hourui
|
| (Institute of Information Engineering) |
| Abstract: |
| Memory safety vulnerabilities have long remained a fundamental security threat in computer systems. Although
software-based defense and detection techniques have continuously evolved, they often suffer from the well-known “trilemma” of high performance overhead, limited coverage, and poor compatibility. With the ongoing evolution of
processor architectures, mainstream commercial processors, such as x86, Arm, and RISC-V, have introduced a variety of
memory safety extension primitives. Compared with experimental clean-slate architectures, these commercial hardware
primitives have been widely deployed in existing software and hardware ecosystems and have reached a relatively high
level of maturity, providing a practical foundation for building efficient security mechanisms in real-world systems. This paper presents a systematic and comprehensive survey of security applications based on commercial memory
safety hardware. First, it elaborates on the root causes of memory safety vulnerabilities and their typical attack models. Then, existing commercial memory safety hardware mechanisms are thoroughly analyzed and classified into three
categories: integrity protection, confidentiality isolation, and vulnerability detection primitives. From the application
perspective, the paper reviews defense and analysis schemes built upon commercial hardware primitives with respect to
three security goals, namely memory integrity, memory confidentiality, and vulnerability detection, covering key issues
such as spatial and temporal safety, control-flow integrity, and data-flow integrity. Furthermore, a comparative analysis is
conducted across multiple dimensions, including security coverage, performance overhead, compatibility, and deployment
complexity, to highlight the applicability and limitations of different approaches in practical systems. Finally, considering
the evolution trends of processor architectures and operating systems, the paper discusses open challenges and outlines
future directions for memory safety defenses based on hardware–software co-design. |
| Key words: memory safety vulnerability defense hardware security system security |
