Secure Compilation to Protected Module Architectures

Patrignani, Marco; Agten, Pieter; Strackx, Raoul; Jacobs, Bart; Clarke, Dave; Piessens, Frank

doi:10.1145/2699503

Cited by 77 publications

(152 citation statements)

References 49 publications

Supporting

Mentioning

152

Contrasting

Order By: Relevance

“…Salus' memory isolation mechanism provides strong guarantees that sensitive data in the private section can only be accessed by code in the public section [27][28][29][30]. Reconsidering our certificate signing service as an example (see Figure 1), we can prove that the signing key will never leave its compartment.…”

Section: Secure Communicationmentioning

confidence: 96%

“…However, recent research [27][28][29][30] has shown that memory protection mechanisms such as those offered by Salus, are able to provide full source code abstraction. This means that, even when other compartments have been successfully exploited, an attackers' capabilities are limited to interacting with the memory-safe compartment through its public interface.…”

Section: Security Evaluationmentioning

confidence: 99%

“…More recently, specially tailored hardware support has been proposed in academia [11][12][13] and industry [14][15][16]. While these research prototypes offer provable security to the sensitive data that they protect [27][28][29][30], they do not attempt to reduce the impact of a vulnerability elsewhere in the code by executing modules with the least amount of privileges possible [20]. An attacker who successfully gains control over the platform is still able to interact with other protected modules unrestrictedly.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Salus: Kernel Support for Secure Process Compartments

Strackx¹,

Agten²,

Avonds³

et al. 2015

ICST Transactions on Security and Safety

Self Cite

View full text Add to dashboard Cite

Consumer devices are increasingly being used to perform security and privacy critical tasks. The software used to perform these tasks is often vulnerable to attacks, due to bugs in the application itself or in included software libraries. Recent work proposes the isolation of security-sensitive parts of applications into protected modules, each of which can be accessed only through a predefined public interface. But most parts of an application can be considered security-sensitive at some level, and an attacker who is able to gain inapplication level access may be able to abuse services from protected modules. We propose Salus, a Linux kernel modification that provides a novel approach for partitioning processes into isolated compartments sharing the same address space. Salus significantly reduces the impact of insecure interfaces and vulnerable compartments by enabling compartments (1) to restrict the system calls they are allowed to perform, (2) to authenticate their callers and callees and (3) to enforce that they can only be accessed via unforgeable references. We describe the design of Salus, report on a prototype implementation and evaluate it in terms of security and performance. We show that Salus provides a significant security improvement with a low performance overhead, without relying on any non-standard hardware support.

show abstract

Section: Secure Communicationmentioning

confidence: 96%

Section: Security Evaluationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Salus: Kernel Support for Secure Process Compartments

Strackx¹,

Agten²,

Avonds³

et al. 2015

ICST Transactions on Security and Safety

Self Cite

View full text Add to dashboard Cite

show abstract

“…Preserving full abstraction when faced with a machine level attacker has been achieved by employing memory isolation mechanisms that prevent the attacker from directly accessing the memory of the program being secured [11]. To that end the program state P is split into two sub-states: the attacker state A and the secured program state M that incorporates the MiniML program.…”

Section: Separated Program Statesmentioning

confidence: 99%

Formalizing a Secure Foreign Function Interface

Larmuseau

Clarke

2015

Software Engineering and Formal Methods

Self Cite

View full text Add to dashboard Cite

Abstract.Many high-level functional programming languages provide programmers with the ability to interoperate with untyped and lowlevel languages such as C and assembly. Research into the security of such interoperation has generally focused on a closed world scenario, one where both the high-level and low-level code are defined and analyzed statically. In practice, however, components are sometimes linked in at run-time through malicious means. In this paper we formalize an operational semantics that securely combines MiniML, a light-weight ML, with a model of a low-level attacker, without relying on any static checks on the attacker. We prove that the operational semantics are secure by establishing that they preserve and reflect the equivalences of MiniML. To that end a notion of bisimulation for the interaction between the attacker and MiniML is developed.

show abstract

“…Hence, even when the system is infested with malware, secrecy and integrity of protected modules remain guaranteed. Recent work by Agten et al [1,2] and Patrignani et al [16,17] proves that highlevel software properties can also be guaranteed at low-level by relying on PMA's memory protection and inserting proper checks at compile time.…”

Section: Protected-module Architecturesmentioning

confidence: 99%

Idea: Towards an Inverted Cloud

Strackx

Philippaerts

Vogels

2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. In this paper we propose the concept of an inverted cloud infrastructure. The traditional view of a cloud is turned upside down: instead of having services or infrastructure offered by a single provider, the same can be achieved by an aggregation of a multitude of mini providers. Even though the contribution of an individual mini provider in an inverted cloud can be limited, the combination would nevertheless be significant. We propose an architecture for an implementation of an inverted cloud infrastructure to allow mini providers to offer processor time. Security and efficiency can be achieved by building upon Intel's new SGX technology.

show abstract

Secure Compilation to Protected Module Architectures

Cited by 77 publications

References 49 publications

Salus: Kernel Support for Secure Process Compartments

Salus: Kernel Support for Secure Process Compartments

Formalizing a Secure Foreign Function Interface

Idea: Towards an Inverted Cloud

Contact Info

Product

Resources

About