Isolation Without Taxation: Near Zero Cost Transitions for SFI

Kolosick, Matthew; Narayan, Shravan; Johnson, Evan; Watt, Conrad; LeMay, Michael; Garg, Deepak; Jhala, Ranjit; Stefan, Deian

doi:10.48550/arxiv.2105.00033

Cited by 1 publication

(1 citation statement)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Naturally, this imposes a performance overhead while not protecting against control-flow hijack attacks, making it necessary to combine it with CFI. Recent work has explored the possibility of so-called zero-cost transitions between normal and sandboxed code for well-structured code, but still requires CFI [50]. Contrary to previous solutions for memory isolation [26], [65], [88], [76], [51], [35], [68], DPTI does not require ISA extensions or re-purposing of ignored bits in the page table.…”

Section: B Related Workmentioning

confidence: 99%

Domain Page-Table Isolation

Canella¹,

Kogler²,

Giner³

et al. 2021

Preprint

View full text Add to dashboard Cite

Modern applications often consist of different security domains that require isolation from each other. While several solutions exist, most of them rely on specialized hardware, hardware extensions, or require less-efficient software instrumentation of the application.In this paper, we propose Domain Page-Table Isolation (DPTI), a novel mechanism for hardware-enforced security domains that can be readily used on commodity off-the-shelf CPUs. DPTI uses two novel techniques for dynamic, time-limited changes to the memory isolation at security-critical points, called memory freezing and stashing. We demonstrate the versatility and efficacy of DPTI in two scenarios: First, DPTI freezes or stashes memory to support faster and more fine-grained syscall filtering than state-of-the-art seccomp-bpf. With the provided memorysafety guarantees, DPTI can even securely support deep argument filtering, such as string comparisons. Second, DPTI freezes or stashes memory to efficiently confine potentially untrusted SGX enclaves, outperforming existing solutions by 14.6 %-22 % while providing the same security guarantees. Our results show that DPTI is a viable mechanism to isolate domains within applications using only existing mechanisms available on modern CPUs, without relying on special hardware instructions or extensions.

show abstract

Section: B Related Workmentioning

confidence: 99%