Memory-safety violations in C and C++ programs continue to enable sophisticated exploitation techniques such as control-flow hijacking and data-oriented attacks. Existing hardware defenses either rely on address space layout randomization (ASLR) or attach explicit metadata to pointers to verify their integrity. External metadata schemes provide strong guarantees, but incur additional memory accesses and memory footprint overhead. In-place authentication mechanisms, such as ARM Pointer Authentication (PAC), achieve low overhead at the cost of limited entropy and susceptibility to brute-force and reuse attacks. This paper presents LIPPEN, a hardware-software co-design for full-pointer encryption that provides strong pointer integrity and confidentiality with zero metadata overhead. LIPPEN treats every pointer as an encrypted block, cryptographically binding it to its execution context and decrypting it transparently at dereference time. By re-purposing the entire 64-bit pointer field for encryption rather than preserving raw address bits, LIPPEN maximizes entropy, eliminates the brute-force weaknesses of truncated authentication codes, and maintains binary compatibility with existing PAC-enabled software. We prototype LIPPEN on FPGA using 64-bit RISC-V Rocket and BOOM cores, and evaluate it with microbenchmarks, nbench, and SPEC CPU2017. We compare against both an in-house RISC-V PAC implementation and Apple's PAC on the M1 processor. Across these workloads, LIPPEN provides comprehensive pointer protection with runtime overhead comparable to PAC-based schemes, while incurring negligible area and power overhead. These results show that LIPPEN is a practical design point for deploying strong pointer protection in real processors.

翻译：C和C++程序中违反内存安全的行为持续催生复杂的利用技术，例如控制流劫持和数据导向攻击。现有硬件防御要么依赖地址空间布局随机化，要么为指针附加显式元数据以验证其完整性。外部元数据方案提供了强保证，但会导致额外的内存访问和内存占用开销。原位认证机制（如ARM指针认证）以有限的熵值为代价实现低开销，但易受暴力破解和重用攻击。本文提出LIPPEN，一种面向全指针加密的硬件-软件协同设计方案，在提供强指针完整性和机密性的同时实现零元数据开销。LIPPEN将每个指针视为加密块，通过密码学方式将其绑定到执行上下文，并在解引用时透明解密。通过重新利用整个64位指针字段进行加密而非保留原始地址位，LIPPEN最大化熵值，消除截断认证码的暴力破解弱点，并保持与现有PAC兼容软件的二进制兼容性。我们基于64位RISC-V Rocket和BOOM内核在FPGA上实现了LIPPEN原型，并通过微基准测试、nbench和SPEC CPU2017进行评估。我们将其与自研RISC-V PAC实现及M1处理器上的苹果PAC进行对比。在这些工作负载下，LIPPEN提供全面的指针保护，运行时开销与基于PAC的方案相当，同时面积和功耗开销可忽略不计。结果表明，LIPPEN是在真实处理器中部署强指针保护的实用设计方案。