Towards Fine-grained, Automated Application Compartmentalization

Vasilakis, Nikos; Karel, Ben; Roessler, Nick; Dautenhahn, Nathan; DeHon, André; Smith, Jonathan M.

doi:10.1145/3144555.3144563

Cited by 6 publications

(6 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Second, SecureCells does not aim to compartmentalize existing software with zero-modifications. While automated isolation techniques provide a crucial first step towards compartmentalized programs [34], [35], [36], security-critical software requires refactoring to fully realize the benefits of proper compartmentalization. Finally, related works target compatibility with legacy hardware or existing or upcoming software/hardware mechanisms and abstractions for isolation.…”

Section: Alternate Visions For Compartmentalizationmentioning

confidence: 99%

SecureCells: A Secure Compartmentalized Architecture

Bhattacharyya¹,

Hofhammer²,

Li³

et al. 2023

2023 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Modern programs are monolithic, combining code of varied provenance without isolation, all the while running on network-connected devices. A vulnerability in any component may compromise code and data of all other components. Compartmentalization separates programs into fault domains with limited policy-defined permissions, following the Principle of Least Privilege, preventing arbitrary interactions between components. Unfortunately, existing compartmentalization mechanisms target weak attacker models, incur high overheads, or overfit to specific use cases, precluding their general adoption. The need of the hour is a secure, performant, and flexible mechanism on which developers can reliably implement an arsenal of compartmentalized software.We present SecureCells, a novel architecture for intraaddress space compartmentalization. SecureCells enforces per-Virtual Memory Area (VMA) permissions for secure and scalable access control, and introduces new userspace instructions for secure and fast compartment switching with hardwareenforced call gates and zero-copy permission transfers. Secure-Cells enables novel software mechanisms for call stack maintenance and register context isolation. In microbenchmarks, SecureCells switches compartments in only 8 cycles on a 5-stage in-order processor, reducing cost by an order of magnitude compared to state-of-the-art. Consequently, SecureCells helps secure high-performance software such as an in-memory keyvalue store with negligible overhead of less than 3%.

show abstract

Section: Alternate Visions For Compartmentalizationmentioning

confidence: 99%

SecureCells: A Secure Compartmentalized Architecture

Bhattacharyya¹,

Hofhammer²,

Li³

et al. 2023

2023 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…Partitioning an application into compartments and defining which resources they can access is an open problem and it is orthogonal to this paper. Previous work focuses on identifying suitable isolation boundaries in applications and OSes using automatic and semiautomatic (e.g., annotations) techniques [9,14,33,35,42,52,62,72,73,84]. However, completely automating compartmentalization of existing software is still challenging.…”

Section: Signal Context Attacks a Concurrent Work With Oursmentioning

confidence: 99%

You shall not (by)pass!

Voulimeneas

Vinck

Mechelinck

et al. 2022

Proceedings of the Seventeenth European Conference on Computer Systems

View full text Add to dashboard Cite

Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows programs to assign virtual memory pages to protection domains, and to change domain access permissions using inexpensive, unprivileged instructions. Several in-process memory isolation approaches leverage this feature to prevent untrusted code from accessing sensitive program state and data. Typically, PKU-based isolation schemes need to be used in conjunction with mitigations such as CFI because untrusted code, when compromised, can otherwise bypass the PKU access permissions using unprivileged instructions or operating system APIs.Recently, researchers proposed fully self-contained PKUbased memory isolation schemes that do not rely on other mitigations. These systems use exploit-proof call gates to transfer control between trusted and untrusted code, as well as a sandbox that prevents tampering with the PKU infrastructure from untrusted code.In this paper, we show that these solutions are not complete. We first develop two proof-of-concept attacks against a state-of-the-art PKU-based memory isolation scheme. We then present Cerberus, a PKU-based sandboxing framework that can overcome limitations of existing sandboxes. We apply Cerberus to several memory isolation schemes, and show that it is practical, efficient, and secure.

show abstract

“…Modules-development-time constructs usually glued together without a full understanding of their internals-are represented as vertices. The resulting dependencies, which in modern applications can be thousands [85], are depicted as edges connecting importing parent modules with imported child modules.…”

Section: Background and Motivationmentioning

confidence: 99%

“…More rarely, companies rewrite entire systems (e.g., Twitter's Ruby-to-Scala rewrite [55]), a process that is notoriously difficult under schedule constraints and competitive pressures [80,93]. The manual effort is expensive, and can introduce new bugs, cascading changes, or regressions of previously fixed performance issues, especially since software today makes extensive use of third-party modules [85]. Could the process of identifying bottlenecks, generating a distributed version of the system, and scaling it out at runtime be significantly automated?…”

Section: Introductionmentioning

confidence: 99%

Ignis: scaling distribution-oblivious systems with light-touch distribution

Vasilakis

Karel

Palkhiwala

et al. 2019

Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation

Self Cite

View full text Add to dashboard Cite

Distributed systems offer notable benefits over their centralized counterparts. Reaping these benefits, however, requires burdensome developer effort to identify and rewrite bottlenecked components. Light-touch distribution is a new approach that converts a legacy system into a distributed one using automated transformations. Transformations operate at the boundaries of bottlenecked modules and are parametrizable by light distribution recipes that guide the intended semantics of the resulting distribution. Transformations and recipes operate at runtime, adapting to load by scaling out only saturated components. Our Ignis prototype shows substantial speedups, attractive elasticity characteristics, and memory gains over full replication, achieved by small and backward-compatible code changes. CCS Concepts • Computer systems organization → Distributed architectures; Cloud computing; • Software and its engineering → Extra-functional properties; Software as a service orchestration system.

show abstract

Towards Fine-grained, Automated Application Compartmentalization

Cited by 6 publications

References 17 publications

SecureCells: A Secure Compartmentalized Architecture

SecureCells: A Secure Compartmentalized Architecture

You shall not (by)pass!

Ignis: scaling distribution-oblivious systems with light-touch distribution

Contact Info

Product

Resources

About