Address Randomization for Dynamic Memory Allocators on the GPU

GPUs have been widely used in multi-user environments such as the cloud due to its rich thread-level parallelism. In such an environment, multiple kernels can execute in parallel. However, it is possible that a kernel leverages buffer overflow to attack other kernels on the same GPU. The limited existing work focuses on the detection of buffer overflows instead of prevention. Address randomization is an effective approach to preventing memory-related attacks on the CPU. However, current GPUs lack similar support to defend the increasing threats of memory overflow. In this paper, we propose an address randomization method for dynamic memory allocation on the GPU. We have implemented and compared different pseudo-random algorithms on the GPU, and integrated the address randomization into an existing allocator. Elaborate discussions are presented to analyze the security of our proposed address randomization. Experimental evaluations show that the overhead incurred by our randomized algorithm is less than 20% on top of existing memory allocators.