Hardware-Based Domain Virtualization for Intra-Process Isolation of Persistent Memory Objects

Xu, Yuanchao; Ye, ChenCheng; Solihin, Yan; Shen, Xipeng

doi:10.1109/isca45697.2020.00062

Cited by 15 publications

(6 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To allow the occurrence of WRPKR instructions in more than one trusted component, we can rely on a CFI technique for the RISC-V Rocket core [6] to protect PKR from manipulation by an attacker. libmpk [13] and Xu et al [24] provide a software-based and a hardware-based virtualization technique, respectively, to address the limited number of pkeys. We can leverage such virtualization techniques to support more than 1024 domains for SealPK.…”

Section: Related Workmentioning

confidence: 99%

“…In terms of scalability, Intel MPK provides only 16 pkeys. However, some real-world use cases such as Persistent Memory Object (PMO) [24] and OpenSSL [13] require more than 1000 pkeys. The above-mentioned drawbacks hinder the deployment of Intel MPK for enforcing granular intra-process memory isolation.…”

Section: Introductionmentioning

confidence: 99%

“…Although Control-Flow Integrity (CFI) [2] can also be utilized to prohibit an uncontrolled execution of WRPKRU instruction [13], CFI enforcement mechanisms incur considerable performance overhead. To address the limited number of pkeys, libmpk [13] and Xu et al [24] have proposed a software-based and a hardware-based virtualization technique, respectively. The virtualization technique of libmpk suffers from large overheads due to expensive Page Table Entry (PTE) updates [24].…”

Section: Introductionmentioning

confidence: 99%

“…To address the limited number of pkeys, libmpk [13] and Xu et al [24] have proposed a software-based and a hardware-based virtualization technique, respectively. The virtualization technique of libmpk suffers from large overheads due to expensive Page Table Entry (PTE) updates [24]. While the hardware-based virtualization technique by Xu et arXiv:2012.02715v1 [cs.CR] 4 Dec 2020 al.…”

Section: Introductionmentioning

confidence: 99%

“…While the hardware-based virtualization technique by Xu et arXiv:2012.02715v1 [cs.CR] 4 Dec 2020 al. [24] provides an efficient implementation, it is not generic and is tailored for a specific application (PMO protection). Note that the pkey virtualization techniques can eliminate the pkey use-after-free problem.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

SealPK: Sealable Protection Keys for RISC-V

Delshadtehrani

Canakci

Egele

et al. 2021

2021 Design, Automation &Amp; Test in Europe Conference &Amp; Exhibition (DATE)

View full text Add to dashboard Cite

With the continuous increase in the number of software-based attacks, there has been a growing effort towards isolating sensitive data and trusted software components from untrusted third-party components. A hardware-assisted intraprocess isolation mechanism enables software developers to partition a process into isolated components and in turn secure sensitive data from untrusted components. However, most of the existing hardware-assisted intra-process isolation mechanisms in modern processors, such as ARM and IBM Power, rely on costly kernel operations for switching between trusted and untrusted domains. Recently, Intel introduced a new hardware feature for intraprocess memory isolation, called Memory Protection Keys (MPK), which enables a user-space process to switch the domains in an efficient way. While the efficiency of Intel MPK enables developers to leverage it for common use cases such as Code-Pointer Integrity, the limited number of unique domains ( 16) prohibits its use in cases such as OpenSSL where a large number of domains are required. Moreover, Intel MPK suffers from the protection key use-after-free vulnerability. To address these shortcomings, in this paper, we propose an efficient intra-process isolation technique for the RISC-V open ISA, called SealPK, which supports up to 1024 unique domains. SealPK prevents the protection key useafter-free problem by leveraging a lazy de-allocation approach. To further strengthen SealPK, we devise three novel sealing features to protect the allocated domains, their associated pages, and their permissions from modifications or tampering by an attacker. To demonstrate the feasibility of our design, we implement SealPK on a RISC-V Rocket processor, provide the OS support for it, and prototype our design on an FPGA. We demonstrate the efficiency of SealPK by leveraging it to implement an isolated shadow stack on our FPGA prototype.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%