Byte-level Object Bounds Protection

Computer Science > Cryptography and Security [Submitted on 20 Mar 2026] Byte-level Object Bounds Protection Piyus Kedia Low-level C programs remain highly vulnerable to out-of-bounds memory corruption. State-of-the-art precise defenses either introduce severe runtime overhead due to metadata memory lookups, or break standard C semantics by disallowing partial structs or the creation of an object's end address (EA), a legal operation ubiquitous in real-world C code. Conversely, practical alignment-based solutions achieve efficiency only by relaxing protected bounds. We present PRISM, a precise, zero-lookup object-bounds scheme that eliminates these restrictions. PRISM compresses a 47-bit EA into the 17-bit unused tag area of a 64-bit pointer. By enforcing the invariant that a statically known starting address (KSA) cannot exceed the EA, PRISM completely eliminates the need for costly metadata memory fetches in nearly all bounds checks, while strictly retaining precise object bounds. Our invariant also simplifies the lower-bound checks in existing alignment-based solutions, thus improving their performance. To achieve high throughput, PRISM introduces q-padding, an optimization that safely removes bounds checks for constant-offset accesses (such as struct fields) while maintaining precise, byte-level protection for the variable-indexed accesses primarily exploited by attackers. Evaluated on SPEC 2017, PRISM achieves an arithmetic mean CPU overhead of 46.1\% with a 32-byte q-padding (dropping to 31.3\% in a 32-bit address space). On highly concurrent, real-world workloads, PRISM secures a fully saturated Apache web server with only an 11.1\% throughput reduction, demonstrating its readiness for production deployment. Furthermore, PRISM successfully detected an out-of-bounds violation in \texttt{gcc} that prior tools missed due to their lack of support for partial structs. Subjects: Cryptography and Security (cs.CR); Software Engineering (cs.SE) Cite as: arXiv:2603.20347 [cs.CR]   (or arXiv:2603.20347v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2603.20347 Focus to learn more Submission history From: Piyus Kedia [view email] [v1] Fri, 20 Mar 2026 11:51:18 UTC (1,089 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-03 Change to browse by: cs cs.SE References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)