Skip to content Skip to navigation

Intel Memory Protection Extensions.

Wednesday, July 24, 2013

Intel’s recently-proposed Memory Protection Extensions include several features similar to those proposed in Prof. Santosh Nagarakatte’s Ph.D. dissertation.

Santosh’s dissertation proposes mechanisms to provide comprehensive memory safety (protection against both buffer overflows and use-after-free vulnerabilities) that works with mostly unmodified C code with a low performance overhead, which is accomplished using a pointer-based approach where metadata is maintained with pointers and checked on every pointer dereference.   To enable compatibility with existing code,  the metadata for the pointers in memory is maintained in a disjoint metadata space leaving the memory layout of the program intact.  Santosh’s dissertation demonstrates that such an approach when implemented in different parts of the tool-chain—compiler, hardware, and compiler-hardware hybrid—can provide comprehensive safety with reasonable tradeoffs with respect to performance overheads and implementation costs.

Intel Memory Protection Extensions (MPX) is  a set of ISA extensions to hardware accelerate pointer-based checking for detecting buffer overflows (similar to the extensions in  Chapter 6 of Santosh’s dissertation). MPX adds new bounds registers and new instructions to manipulate them.  It uses per-pointer disjoint metadata and the metadata space is organized using a two-level trie.  In essence, this is hardware support that closely matches Intel’s Pointer Checker compiler (which in turn is highly similar to SoftBound—Santosh’s PLDI 2009 paper).

The focus of the current MPX  ISA specification is on bounds checking; there appears to be no discussion of use-after-free vulnerabilities. A description and the specification for the new ISA extensions are available at:
See MPX ISA extensions in Chapter 9 of:

And see Santosh’s dissertation at