US11630920B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11630920-B2 |
| Application number | US-201816024257-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 29, 2018 |
| Priority date | Jun 29, 2018 |
| Publication date | Apr 18, 2023 |
| Grant date | Apr 18, 2023 |
Official abstract text for this publication.
A system may use memory tagging for side-channel defense, memory safety, and sandboxing to reduce the likelihood of successful attacks. The system may include memory tagging circuitry to address existing and potential hardware and software architecture security vulnerabilities. The memory tagging circuitry may prevent memory pointers from being overwritten, prevent memory pointer manipulation (e.g., by adding values), and increase the granularity of memory tagging to include byte-level tagging in cache. The memory tagging circuitry may sandbox untrusted code by tagging portions of memory to indicate when the tagged portions of memory contain a protected pointer. The memory tagging circuitry provides security features while enabling CPUs to continue using and benefiting from speculatively performing operations. By co-locating all tagging information at a cacheline granularity with its associated data, the processor has all the information needed to perform access control decisions immediately and non-speculatively, while maintaining high performance and cache coherency.
Opening claim text (preview).
What is claimed:

1. An apparatus, comprising: a plurality of processor cores; cache memory communicatively coupled to one or more of the plurality of processor cores; pointer security circuitry to define memory tags in memory address pointers, the memory tags comprising an identification tag and an encryption tag; and encryption circuitry to cryptographically secure data objects at least partially based on the memory tags, wherein the encryption circuitry is to use the identification tag to at least partially define a tweak input to an encryption algorithm used to cryptographically secure the data objects and use the encryption tag to identify one or more encryption keys used in the encryption algorithm.
2. The apparatus of claim 1, wherein the identification tag identifies a type, a function, a memory location, or a use for a data object.
3. The apparatus of claim 1, wherein the memory tags include a small object tag, wherein the pointer security circuitry is to determine a value for a tweak input to the encryption algorithm at least partially based on a value of the small object tag.
4. The apparatus of claim 3, wherein the small object tag indicates that a cacheline includes a number of identification tags associated with a number of objects stored in the cacheline with the number of identification tags, to enable sub-cacheline granularity of memory tagging.
5. The apparatus of claim 1, wherein the memory tags include a bound distance tag, wherein the pointer security circuitry is configured to identify a distance of stray of a memory address pointer from a location of an object.
6. The apparatus of claim 1, wherein the memory tags further comprises a bound tag embedded within a virtual memory address.
7. The apparatus of claim 1, further comprising: integrity check circuitry to generate integrity check values at least partially based on a memory location for data and an encrypted value of the data, wherein the pointer security circuitry is configured to detect tampering with a memory address pointer at least partially based on the integrity check values.
8. The apparatus of claim 1, wherein the encryption circuitry further is to use the identification tag to identify the one or more encryption keys used in the encryption algorithm.
9. The apparatus of claim 1, wherein the encryption tag is used to identify the one or more encryption keys in a key table of the apparatus.
10. A computer-readable device having instructions, which when executed by at least one processor, cause the at least one processor to perform operations, comprising: receive a request to define a memory address pointer; identify a type or function of data referenced by the memory address pointer; generate an identification tag associated with the type or function of the data; embed the identification tag within the memory address pointer; generate an encryption tag that identifies one or more encryption keys; embed the encryption tag within the memory address pointer; and encrypt the data with an encryption algorithm using the one or more encryption keys and tweak to the encryption algorithm that is at least partially defined by the identification tag.
11. The computer-readable device of claim 10, wherein the identification tag is a first identification tag, wherein the operations further include: receive a request to access the memory address pointer; receive a second identification tag associated with the request to access the memory address pointer; compare the first identification tag to the second identification tag; and deny access to the request to access the memory address pointer, if the first identification tag mismatches the second identification tag.
12. The computer-readable device of claim 10, wherein the operations further include: associate the memory address pointer with a number of objects of a cacheline; and set a small object tag within the memory address pointer to indicate that the memory address pointer is associated with the number of subsets of objects of the cacheline.
13. The computer-readable device of claim 12, wherein operations further comprise: store a plurality of memory tags in the cacheline with the number of objects in the cacheline to provide sub-cacheline granularity of memory tagging.
14. The computer-readable device of claim 10, wherein the memory address pointer is a virtual memory address pointer.
15. The computer-readable device of claim 10, wherein the tweak to the encryption algorithm includes the identification tag and a physical memory address.
16. A computer-readable device having instructions, which when executed by at least one processor, cause the at least one processor to perform operations, comprising: allocate first one or more bits in a memory address pointer to define a bound distance tag to represent an offset for the memory address pointer; allocate second one or more bits in the memory address pointer to define an identification tag for the memory address pointer, the identification tag for the memory address pointer to represent at least one of a use, a type, or a characteristic of data referenced by the memory address pointer; read an identification tag for a cacheline, wherein the cacheline referenced by a value of the memory address pointer minus a value of the bound distance tag; and execute a pointer security operation if the identification tag for the cacheline is not equal to the identification tag of the memory address pointer.
17. The computer-readable device of claim 16, wherein the bound distance tag enables the at least one processor to determine whether the memory address pointer has been manipulated to point to unauthorized objects.
18. The computer-readable device of claim 16, wherein the pointer security operation is a fault operation in response to a pointer security update instruction.
19. The computer-readable device of claim 18, wherein the operations further include: determine an object base address at least partially based on the distance in terms of cachelines.
20. The computer-readable device of claim 16, wherein the bound distance tag includes a distance in terms of cachelines from a current pointer value to an original pointer value for the memory address pointer.
21. The computer-readable device of claim 16, wherein the operations further include: update the memory address pointer in a first register with an addend in a second register to perform a pointer add command; identify an identification tag of an object referenced by the updated memory address pointer; perform a fault operation if the identification tag of a cacheline referenced by the updated memory address pointer is different than the identification tag of the memory address pointer.
22. The computer-readable device of claim 21, wherein identify an identification tag of an object referenced by the updated memory address pointer, includes: subtract a value of the bound distance tag multiplied by a size of the cacheline to determine bounds of a contiguous region of the identification tag for the memory address pointer.
23. The computer-readable device of claim 21, wherein the operations further include: in response to the pointer add command, perform the fault operation if a size of the memory address pointer is insufficient to store a new bound distance value for the updated memory address pointer.
24. The computer-readable device of claim 16, wherein the operat
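A small software model of the bound distance tag check recited in claims 16 and 20 to 23, added here as an illustration and not taken from the patent. The bit layout (48-bit address, 4-bit bound distance tag, 4-bit identification tag), the 64-byte cacheline, all function names, and the reading of claim 22 as "every cacheline from the object base to the new pointer must carry the pointer's tag" are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed layout (not from the patent): bits 0-47 address,
   48-51 bound distance tag, 52-55 identification tag. */
#define LINE 64          /* cacheline size in bytes */
#define NLINES 32        /* size of the simulated memory, in cachelines */
#define TAG_MAX 15       /* largest value a 4-bit tag field holds */
enum { PTR_OK, PTR_FAULT_TAG, PTR_FAULT_DIST };
static uint8_t line_tag[NLINES];   /* ID tag stored with each cacheline */

static int64_t addr_of(uint64_t p) { return (int64_t)(p & 0xFFFFFFFFFFFFULL); }
static int64_t dist_of(uint64_t p) { return (int64_t)((p >> 48) & TAG_MAX); }
static uint8_t id_of(uint64_t p)   { return (uint8_t)((p >> 52) & TAG_MAX); }

/* Tag every cacheline of an object and return a pointer to its base. */
static uint64_t tag_alloc(int64_t addr, int64_t size, uint8_t id) {
    for (int64_t l = addr / LINE; l <= (addr + size - 1) / LINE; l++)
        line_tag[l] = id;
    return (uint64_t)addr | ((uint64_t)id << 52);   /* bound distance 0 */
}

/* Claim 16: the line at (pointer - bound distance) must carry the pointer's tag. */
static int ptr_check(uint64_t p) {
    int64_t line = addr_of(p) / LINE, base = line - dist_of(p);
    if (line >= NLINES || base < 0 || line_tag[base] != id_of(p))
        return PTR_FAULT_TAG;
    return PTR_OK;
}

/* Claims 21-23: pointer add with tag and bound distance checks. */
static int ptr_add(uint64_t p, int64_t addend, uint64_t *out) {
    int64_t base = addr_of(p) / LINE - dist_of(p);   /* object base line */
    int64_t na = addr_of(p) + addend;
    if (na < 0 || na / LINE >= NLINES) return PTR_FAULT_TAG;
    int64_t nd = na / LINE - base;                   /* new bound distance */
    if (nd < 0 || nd > TAG_MAX) return PTR_FAULT_DIST;      /* claim 23 */
    for (int64_t l = base; l <= na / LINE; l++)             /* claim 22 reading */
        if (line_tag[l] != id_of(p)) return PTR_FAULT_TAG;  /* claim 21 */
    *out = (uint64_t)na | ((uint64_t)nd << 48) | ((uint64_t)id_of(p) << 52);
    return ptr_check(*out);
}

int main(void) {
    uint64_t a = tag_alloc(128, 128, 5), q = 0;  /* constructed objects */
    tag_alloc(256, 64, 9);                       /* neighbour, different tag */
    tag_alloc(320, 64, 5);                       /* later object, same tag as a */
    printf("in-bounds=%d neighbour=%d same-tag-hop=%d\n",
           ptr_add(a, 70, &q), ptr_add(a, 128, &q), ptr_add(a, 192, &q));
    return 0;
}
```

The third case shows why the model walks the whole region: the target cacheline carries the same tag as the pointer, so a check of the target line alone would pass, and only the differently tagged line in between exposes the hop.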
Partitioned cache, e.g. separate instruction and operand caches · CPC title
in a virtual system, e.g. with translation means · CPC title
by using cryptography (for digital transmission H04L9/00) · CPC title
by inhibiting the analysis of circuitry or operation · CPC title
by creating or determining hardware identification, e.g. serial numbers · CPC title