Computer Science Department , MS Thesis Presentation , Alden Cutler "Making a Secure Bounce Allocator Practical in the Linux Kernel"

Alden Cutler

MS student

WPI – Computer Science Department 

Tuesday, April 14, 2026

Time: 1:00 p.m.  – 2:30 p.m.

Location:  Fuller Labs  141

Zoom Link: https://wpi.zoom.us/j/92131497768 

Advisor: Prof.  Robert Walls

Reader:  Prof. Xiaoyan Sun

Abstract:

Temporal memory safety vulnerabilities such as use-after-free remain a major security risk in the Linux kernel. The Bounce Allocator is a promising defense that combines pointer indirection with hardware memory tagging, but deploying it directly requires many manual source edits.

This thesis investigates whether compiler-assisted instrumentation can reduce that integration effort. I implement an LLVM IR pass that rewrites supported allocation, free, and pointer-use patterns to automatically apply bounce allocator protections. The pass finds candidate allocator calls, recovers pointer intent using instruction-use analysis with optional debug metadata, and inserts the required indirection while handling common kernel patterns such as zero-initialized allocations and pointer casts.

I evaluate this approach by building and deploying an instrumented Android kernel on ARM hardware with Memory Tagging Extension (MTE) support. The results show a clear tradeoff: much lower manual integration effort in exchange for added compile-time cost, with improved maintainability from centralizing integration in the compiler pass. These findings suggest compiler automation is a practical path for deploying bounce allocator protections in production-scale kernels.