Hardware-enforced fine-grained isolation of untrusted code

2009 International Conference on Computational Science and Engineering

Narahari

et al. 2009

Self Cite

Abstract-Much of modern software development consists of assembling together existing software components and writing the glue code that integrates them into a unified application. The term COTS-Based System (CBS) is often used to describe such applications, for which the components assembled are understood to be CommercialOff-The-Shelf (COTS) components written by a multitude of independent third parties. The manner of assembly in CBS includes full-source components that are integrated at compile-time, pure-binary libraries incorporated at loadtime, and plugins that are loaded into the application at execution time by the user. Because components have access to system resources, applications may crash due to faulty components or may be compromised by malicious components. In this paper, we ask the question: can hardware support the development and deployment of CBS by providing applications with a trusted platform for managing components and their interactions? We present an architecture that places each CBS component in a hardware-enforced container. The hardware then detects improper usage of system resources (unauthorized memory accesses or denial-of-service) and enables applications to undertake a hardware-supervised recovery procedure. Furthermore, the hardware also maintains a violation record to enable developers to recreate the violation for the purpose of debugging and further development. Taken together, the purpose of the architecture we propose is to enable executing untrusted CBS code on trusted hardware.

Section: Architecture Overviewmentioning

confidence: 99%

Section: Architecture Overviewmentioning

confidence: 99%

Section: B Performance Evaluationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Hardware Containers for Software Components: A Trusted Platform for COTS-Based Systems

2009 International Conference on Computational Science and Engineering

Narahari

et al. 2009

Self Cite

“…Our prior work introduced hardware containers [3], [4] for fine-grained isolation of code and data that targets code written with a hierarchical control flow, which is normal in imperative, procedural, and object-oriented languages. Containers isolate code at the granularity of functions as a natural boundary for structured components and programs.…”

Section: Introductionmentioning

confidence: 99%

Automation for creating and configuring security manifests for hardware containers

2011 4th Symposium on Configuration Analytics and Automation (SAFECONFIG)

Simha

2011

Self Cite

Abstract-Hardware containers provide fine-grained memory access control to isolate memory regions and sandbox memory references between components of an application. A hardware reference monitor enforces a security manifest of memory access permissions for the currently executing component. In this paper we discuss how automation tools can help software developers to create the security manifest that configures hardware containers. The goal of this work is to foster discussion about our proposals for automation tools: to date we know of no solutions for extracting the metadata (permissions) required for fine-grained memory access control.

No Principal Too Small: Memory Access Control for Fine-Grained Protection Domains

2012 15th Euromicro Conference on Digital System Design

Narahari

et al. 2012

Self Cite

Abstract-Modern programs comprise multiple threads of execution inside a single principal-the process-with a single protection domain, usually a page table. We propose a hardwareenforced, fine-grained memory protection mechanism to divide the process into smaller principals and multiple protection domains. Our approach supports modern software engineering better than traditional processes by enabling developers to align software components with protection mechanisms. We implemented our architecture using a cycle-accurate simulator of a complex out-of-order pipeline and evaluate our solution using open-source benchmarks and synthetic microbenchmarks designed specifically to stress our system.