@article {GriDav18A, title = {ARMOR: A Recompilation and Instrumentation-free Monitoring Architecture for Detecting Memory Exploits}, journal = {IEEE Transactions on Computers (TC)}, volume = {67}, year = {2018}, abstract = {Software written in programming languages that permit manual memory management, such as C and C++, are often littered with exploitable memory errors. These memory bugs enable attackers to leak sensitive information, hijack program control flow, or otherwise compromise the system and are a critical concern for computer security. Many runtime monitoring and protection approaches have been proposed to detect memory errors in C and C++ applications, however, they require source code recompilation or binary instrumentation, creating compatibility challenges for applications using proprietary or closed source code, libraries, or plug-ins. This paper introduces a new approach for detecting heap memory errors that does not require applications to be recompiled or instrumented. We show how to leverage the calling convention of a processor to track all dynamic memory allocations made by an application during runtime. We also present a transparent tracking and caching architecture to efficiently verify program heap memory accesses. Performance simulations of our architecture using SPEC benchmarks and real-world application workloads show our architecture achieves hit rates over 95\% for a 256-entry cache, resulting in only 2.9\% runtime overhead. Security analysis using a software prototype shows our architecture detects 98\% of heap memory errors from selected test cases in the Juliet Test Suite and real-world exploits.}, author = {Alex Grieve and Michael Davies and Phillip Jones and Joseph Zambreno} }