Assessing the Impact of Interface Vulnerabilities in Compartmentalized Software

Lefeuvre, Hugo; Bădoiu, Vlad-Andrei; Chien, Yi; Huici, Felipe; Dautenhahn, Nathan; Olivier, Pierre

doi:10.14722/ndss.2023.24117

Cited by 6 publications

(4 citation statements)

References 34 publications

(114 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It consists of marking compartment boundaries and shared data [22], e.g. with annotations, but also sometimes redesigning part of the software with security in mind [21]. If high, it can be a significant barrier to the adoption of compartmentalization, as it increases costs and development complexity [22].…”

Section: Designmentioning

confidence: 99%

“…Data sharing is however made at a coarser granularity, with the entire shared memory region accessible to both compartments at all times. This trades off security in two ways: 1) bounds are not tight to individual objects, thus not offering CHERI's spatial safety for shared objects; 2) even assuming no revocation in Approach 1, the number of objects effectively accessible by each compartment at any execution time will remain larger, resulting in more potential for compartment interface vulnerabilities [21]. In terms of scalability, this approach only scales to a small number of compartments: indeed one can create only a single overlapping region per pair of communicating compartment, hence a scenario with e.g.…”

Section: Approachmentioning

confidence: 99%

“…When retrofitting compartmentalization to existing code bases, a key challenge is keeping refactoring costs low [4]. This is crucial not only for reducing the cost of deployment, but also to reduce the number of errors made during the compartmentalization, which can undermine its efficiency or security guarantees [21]. Work exploring compartmentalization with CHERI is so far limited to solutions with relatively high porting costs [11,32,41], that require a non-negligible reworking to the code corresponding to inter-compartment communications.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Software Compartmentalization Trade-Offs with Hardware Capabilities

Kressel,

Lefeuvre,

Olivier

2023

Proceedings of the 12th Workshop on Programming Languages and Operating Systems

Self Cite

View full text Add to dashboard Cite

Compartmentalization is a form of defensive software design in which an application is broken down into isolated but communicating components. Retrofitting compartmentalization into existing applications is often thought to be expensive from the engineering effort and performance overhead points of view. Still, recent years have seen proposals of compartmentalization methods with promises of low engineering efforts and reduced performance impact. ARM Morello combines a modern ARM processor with an implementation of Capability Hardware Enhanced RISC Instructions (CHERI) aiming to provide efficient and secure compartmentalization. Past works exploring CHERI-based compartmentalization were restricted to emulated/FPGA prototypes.In this paper, we explore possible compartmentalization schemes with CHERI on the Morello chip. We propose two approaches representing different trade-offs in terms of engineering effort, security, scalability, and performance impact. We describe and implement these approaches on a prototype OS running bare metal on the Morello chip, compartmentalize two popular applications, and investigate the performance overheads. Furthermore, we show that compartmentalization can be achieved with an engineering cost that can be quite low if one is willing to trade off on scalability and security, and that performance overheads are similar to other intra-address space isolation mechanisms.CCS Concepts: • Security and privacy → Security in hardware; Operating systems security; Software and application security.

show abstract

Section: Designmentioning

confidence: 99%

Section: Approachmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Software Compartmentalization Trade-Offs with Hardware Capabilities

Kressel,

Lefeuvre,

Olivier

2023

Proceedings of the 12th Workshop on Programming Languages and Operating Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…Another negative consequence of this proliferation of compartmentalization interfaces exposed to application code is that they are difficult to design and use correctly, which results in a new and growing set of security vulnerabilities [17]. We believe that abstracting away the isolation primitives exposed to the applications could help reduce the number of such vulnerabilities and simplify their mitigation by containing them in more controlled parts of the OS.…”

Section: Namementioning

confidence: 99%

xOS

Tchana,

Goepp,

Bitchebe

et al. 2023

Proceedings of the 14th ACM SIGOPS Asia-Pacific Workshop on Systems

View full text Add to dashboard Cite

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

show abstract