Fully Randomized Pointers
Memory errors continue to be a critical concern for programs written in low-level programming languages such as C and C++. A number of defenses have been proposed with varying trade-offs in overhead, compatibility, and attack resistance. Some defenses are highly compatible but only provide minimal protection, and can be easily bypassed by knowledgeable attackers. On the other end of the spectrum, capability systems provide very strong (unforgeable) protection but require novel software and hardware implementations that have poor compatibility by definition. The challenge is to achieve very strong protection while maintaining compatibility with existing software stacks.
We propose Fully Randomized Pointers (FRP) as a novel way to get a much stronger memory error defense, resistant to bypass attacks and compatible with existing compiled software. The key idea is to fully randomize pointer bits as much as possible. The high degree of randomization renders even brute force attacks impractical. We design an FRP encoding that is: (1) compatible with existing binary code (recompilation not needed); and (2) decoupled from the underlying object layout. FRP is prototyped as: (i) a software implementation (BlueFRP) to test security and compatibility; and (ii) a proof-of-concept hardware implementation (GreenFRP) to evaluate performance. We show FRP is secure, practical, and compatible at the binary level, while our hardware implementation achieves modest performance overheads ($<10\%$).
Tue 17 Jun (displayed time zone: Seoul)
15:40 - 17:05 | Session 4: 1540-1705 [Systems and Architecture], ISMM 2025 at Lilac. Chair(s): Steve Blackburn (Google and Australian National University)
15:40, 20m, Talk | Fully Randomized Pointers (ISMM 2025). Sai Dhawal Phaye (National University of Singapore), Gregory J. Duck (National University of Singapore), Roland H. C. Yap (National University of Singapore), Trevor E. Carlson (National University of Singapore)
16:00, 20m, Talk | TierTrain: Proactive Memory Tiering for CPU-Based DNN Training (ISMM 2025). Sathvik Swaminathan (Intel Labs), Sandeep Kumar (Intel Labs), Aravinda Prasad (Intel Labs), Sreenivas Subramoney (Intel Labs)
16:20, 20m, Talk | EMD: Fair and Efficient Dynamic Memory De-bloating of Transparent Huge Pages (Recorded) (ISMM 2025). Parth Gangar (Fujitsu Research of India), Ashish Panwar (Microsoft Research India), K. Gopinath (Rishihood University)
16:40, 20m, Talk | Compiler-Assisted Crash Consistency for PMEM (Recorded) (ISMM 2025). Yun Joon Soh (University of California San Diego), Sihang Liu (University of Waterloo), Steven Swanson (University of California San Diego), Jishen Zhao (University of California San Diego)
17:00, 5m, Day closing | Closing remarks (ISMM 2025)