We present a novel combination of hardware (architecture) and software (compiler) techniques to support the safe execution of untrusted code. While other efforts focus on isolating processes, our approach isolates code and data at a function (as in, C function) level, to enable fine-grained protection within a process as needed for downloaded plugins, libraries, and modifications of open-source projects. Our solution also enforces timing restrictions to detect denial of service from untrusted code, and supports protection of dynamically allocated memory. Because bookkeeping data can become substantial (permission tables that at their finest granularity describe which memory words may be accessed by which functions), our solution employs a stack-structured bookkeeping mechanism that tracks the flow of execution and automatically dispenses with bookkeeping data when no longer needed. This approach also enables an architectural optimization to handle permissions for dynamically allocated memory, allowing heap blocks to be appropriately shared across the trust boundary. Tested across a suite of benchmarks, our solution had a worst case 12% overhead and 3.5% average overhead at the finest level of code granularity (every single function in its own unit of isolation). The overhead is easily reduced by using trace-driven analysis to combine functions into coarser-grained groups that share permissions.
Abstract-Modern programs comprise multiple threads of execution inside a single principal-the process-with a single protection domain, usually a page table. We propose a hardwareenforced, fine-grained memory protection mechanism to divide the process into smaller principals and multiple protection domains. Our approach supports modern software engineering better than traditional processes by enabling developers to align software components with protection mechanisms. We implemented our architecture using a cycle-accurate simulator of a complex out-of-order pipeline and evaluate our solution using open-source benchmarks and synthetic microbenchmarks designed specifically to stress our system.
Abstract-Much of modern software development consists of assembling together existing software components and writing the glue code that integrates them into a unified application. The term COTS-Based System (CBS) is often used to describe such applications, for which the components assembled are understood to be CommercialOff-The-Shelf (COTS) components written by a multitude of independent third parties. The manner of assembly in CBS includes full-source components that are integrated at compile-time, pure-binary libraries incorporated at loadtime, and plugins that are loaded into the application at execution time by the user. Because components have access to system resources, applications may crash due to faulty components or may be compromised by malicious components. In this paper, we ask the question: can hardware support the development and deployment of CBS by providing applications with a trusted platform for managing components and their interactions? We present an architecture that places each CBS component in a hardware-enforced container. The hardware then detects improper usage of system resources (unauthorized memory accesses or denial-of-service) and enables applications to undertake a hardware-supervised recovery procedure. Furthermore, the hardware also maintains a violation record to enable developers to recreate the violation for the purpose of debugging and further development. Taken together, the purpose of the architecture we propose is to enable executing untrusted CBS code on trusted hardware.
Abstract-The rapid growth and pervasive use of embedded systems makes it easier for an adversary to gain physical access to these devices to launch attacks and reverse engineer of the system. Encrypted execution and data (EED) platforms, where instructions and data are stored in encrypted form in memory, while incurring overheads of encryption have proven to be attractive because they offer strong security against information leakage and tampering. However, several attacks are still possible on EED systems when the adversary gains physical access to the system. In this paper we present an architectural approach to address a class of memory spoofing attacks, in which an attacker can control the address bus and spoof memory blocks as they are loaded into the processor. In this paper we focus on the integrity of the application data to prevent the attacker from tampering, injecting or replaying the data. We make use of an on-chip FPGA, an architecture that is now commonly available on many processor chips, to build a secure on-chip hardware component that verifies the integrity of application data at run-time. By implementing all our security primitives on the FPGA we do not require changes to the processor architecture. We present that data protection techniques and a performance analysis is provided through a simulation on a number of bechmarks. Our experimental results show that a high level of security can be achieved with low performance overhead.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.