Com TW NOw News 2024

Memory safety is key to preventing hardware hacks

The Spectre and Meltdown vulnerabilities of 2018 exposed computer memory as an easy target for hackers to inject malicious code and steal data. The aftermath spurred the adoption of memory-safe chips and programming tools to protect a computer’s cache and RAM, where data is temporarily stored while programs are running.

Microsoft is accelerating efforts to protect memory in its Windows systems from flaws such as buffer overflows, which could allow hackers to inject malicious code or steal data from memory. The company is transitioning many system applications to the Rust programming language, which it hopes will solve memory safety issues caused by code written in C++. C++ is not a memory-safe language, and code written in it can contain buffer overflows.

In addition, a group of chip manufacturers in June formed a consortium called CHERI Alliance, which is developing a secure hardware architecture to protect data in memory.

Memory-safe architectures and programming languages eliminate potential opportunities for human programmer error, says James Sanders, an analyst at TechInsights. “It is extraordinarily easy to inadvertently introduce a memory-safety-related vulnerability in languages like C and C++, even for highly skilled, formally trained programmers, in development scenarios that enforce best practices,” Sanders says.

About three-quarters of the bugs Microsoft fixes fall into the memory safety category, says Dave Weston, vice president of enterprise and OS security at Microsoft.

Microsoft is initially transitioning system firmware and software that manages PC hardware from C++ to Rust. The transition to Rust is part of a program called the Secure Future Initiative, which aims to make hardware reliable and secure, Weston said.

The company has mandated a security chip called Pluton in its new AI PCs, which authenticates users and protects biometric data.

“We ported our real-time operating system running on Pluton to a Rust-based operating system,” Weston said.

CHERI’s goal is to reduce risks

The CHERI (Capability Hardware Enhanced RISC Instructions) Alliance creates a hardware and software protection model for memory. The goal of the alliance is to reduce the risk of memory bugs and hacks, which are often patched by software and hardware makers.

CHERI creates a memory audit layer by encoding data that is verified every time the memory is accessed, said Franz Fuchs, a researcher at the University of Cambridge, during a presentation at the RISC-V Summit Europe in June.

The tagged data describes the memory area, memory type, capabilities, and other information based on which access to data in memory is authenticated and authorized.
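A simplified software model of that per-access check, added here as an illustration; it is not CHERI Alliance or University of Cambridge code, and real CHERI enforces these checks in hardware. The `cap_t` layout, the function names and the sample buffers are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { PERM_LOAD = 1, PERM_STORE = 2 };
typedef enum { ACC_OK, ERR_TAG, ERR_PERM, ERR_BOUNDS } cap_result;

/* Hypothetical capability: a pointer plus the metadata checked on each access. */
typedef struct {
    uint8_t *base;    /* start of the memory area the capability covers */
    size_t   length;  /* size of that area in bytes */
    unsigned perms;   /* PERM_* bits granted to the holder */
    int      tag;     /* validity tag: 1 = genuine, 0 = unusable */
} cap_t;

/* Run before every load or store: valid tag, then permission, then bounds. */
cap_result cap_check(const cap_t *c, size_t off, size_t n, unsigned need) {
    if (!c->tag) return ERR_TAG;
    if ((c->perms & need) != need) return ERR_PERM;
    if (off > c->length || n > c->length - off) return ERR_BOUNDS; /* no wraparound */
    return ACC_OK;
}
cap_result cap_store(const cap_t *c, size_t off, const void *src, size_t n) {
    cap_result r = cap_check(c, off, n, PERM_STORE);
    if (r == ACC_OK) memcpy(c->base + off, src, n);
    return r;
}
cap_result cap_load(const cap_t *c, size_t off, void *dst, size_t n) {
    cap_result r = cap_check(c, off, n, PERM_LOAD);
    if (r == ACC_OK) memcpy(dst, c->base + off, n);
    return r;
}

/* Derivation only narrows: smaller bounds, fewer permissions. A request that
   would widen either returns an untagged (unusable) capability. */
cap_t cap_narrow(const cap_t *p, size_t off, size_t len, unsigned perms) {
    cap_t c = { NULL, 0, 0, 0 };
    if (!p->tag || off > p->length || len > p->length - off) return c;
    if (perms & ~p->perms) return c;
    c.base = p->base + off; c.length = len; c.perms = perms; c.tag = 1;
    return c;
}

/* Constructed scenario: a 24-byte write into a 16-byte buffer is refused and
   the adjacent bytes stay untouched. Returns 1 when the overflow is blocked. */
int demo_overflow_blocked(void) {
    uint8_t heap[32] = {0}, input[24];
    cap_t whole = { heap, sizeof heap, PERM_LOAD | PERM_STORE, 1 };
    cap_t buf = cap_narrow(&whole, 0, 16, PERM_LOAD | PERM_STORE);
    memset(input, 'A', sizeof input);
    return cap_store(&buf, 0, input, sizeof input) == ERR_BOUNDS && heap[16] == 0;
}
int main(void) { return demo_overflow_blocked() ? 0 : 1; }
```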

The University of Cambridge has developed memory-safe chip architectures based on these designs, and has also developed memory-safe operating systems and programming tools.

“CHERI gives you a lot of primitives for building a memory-safe operating system, regardless of the language you build,” Microsoft’s Weston said.

But the challenge is that developers don’t have a security-first mindset, experts said. Windows is built on C++, and developers aren’t motivated to switch to the Rust programming language.

In addition, side-channel attacks on CPUs and GPUs will not go away, leaving memory vulnerable, said Daniel Gruss, professor of information security at Graz University of Technology.

“No matter how much security Rust brings to the kernel, we just move on to the next type of bug. We still have memory safety bugs today,” Gruss said.

According to Jim McGregor, principal analyst at Tirias Research, hackers are also finding ways to break into newer types of memory used in modern processors such as GPUs.

“The instruction set is different for GPUs, which can pose some challenges. But memory is memory, so reading memory contents would be the same,” McGregor said.