Architectural support for copy and tamper resistant software
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
ACM Transactions on Computer Systems (TOCS)
Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
Janus: an Approach for Confinement of Untrusted Applications
Janus: an Approach for Confinement of Untrusted Applications
Packet Classification Using Extended TCAMs
ICNP '03 Proceedings of the 11th IEEE International Conference on Network Protocols
Mondrix: memory isolation for linux using mondriaan memory protection
Proceedings of the twentieth ACM symposium on Operating systems principles
MiBench: A free, commercially representative embedded benchmark suite
WWC '01 Proceedings of the Workload Characterization, 2001. WWC-4. 2001 IEEE International Workshop
Singularity: rethinking the software stack
ACM SIGOPS Operating Systems Review - Systems work at Microsoft Research
Sealing OS processes to improve dependability and safety
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Architectural support for run-time validation of program data properties
IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Secure Web Browsing with the OP Web Browser
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
When good instructions go bad: generalizing return-oriented programming to RISC
Proceedings of the 15th ACM conference on Computer and communications security
Hardware Containers for Software Components: A Trusted Platform for COTS-Based Systems
CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 02
CODESSEAL: Compiler/FPGA approach to secure applications
ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
| Hi-index | 0.00 |
We present a novel combination of hardware (architecture) and software (compiler) techniques to support the safe execution of untrusted code. While other efforts focus on isolating processes, our approach isolates code and data at a function (as in, C function) level, to enable fine-grained protection within a process as needed for downloaded plugins, libraries, andmodifications of open-source projects. Our solution also enforces timing restrictions to detect denial of service from untrusted code, and supports protection of dynamically allocated memory. Because bookkeeping data can become substantial (permission tables that at their finest granularity describe which memory words may be accessed by which functions), our solution employs a stack-structured bookkeeping mechanism that tracks the flow of execution and automatically dispenses with bookkeeping data when no longer needed. This approach also enables an architectural optimization to handle permissions for dynamically allocated memory, allowing heap blocks to be appropriately shared across the trust boundary. Tested across a suite of benchmarks, our solution had a worst case 12% overhead and 3.5% average overhead at the finest level of code granularity (every single function in its own unit of isolation). The overhead is easily reduced by using trace-driven analysis to combine functions into coarser-grained groups that share permissions.