ERIM: Secure and Efficient In-process Isolation with Memory Protection Keys

by   Anjo Vahldiek-Oberwagner, et al.

Many applications can benefit from isolating sensitive data in a secure library. Examples include protecting cryptographic keys behind a narrow cryptography API to defend against vulnerabilities like OpenSSL's Heartbleed bug. When such a library is called relatively infrequently, page-based hardware isolation can be used, because the cost of kernel-mediated domain switching is tolerable. However, some applications require very frequent domain switching, such as isolating code pointers to prevent control flow hijack attacks in code-pointer integrity (CPI). These applications have relied on weaker isolation techniques like address-space layout randomization (ASLR), which allow efficient switching but have proved vulnerable to attack. In this paper, we present ERIM, a novel technique that combines the security of hardware-enforced isolation with a switching performance near that of ASRL. ERIM can support sensitive data access up to a million times per CPU core a second with low overhead. The key idea is to combine memory protection keys (MPKs), a feature recently added to Intel CPUs, with binary rewriting to prevent circumvention. ERIM provides three primitives: isolation, call gates, and syscall mediation. We show how to apply ERIM to isolate frequently accessed session keys (not just the long-term keys) in nginx, a high performance web server, and how to isolate sensitive data in CPI. Our measurements indicate a negligible degradation in performance, even with very high rates of switching between the untrusted application and the secure library.


page 1

page 2

page 3

page 4


Garmr: Defending the gates of PKU-based sandboxing

Memory Protection Keys for Userspace (PKU) is a recent hardware feature ...

PULP: Inner-process Isolation based on the Program Counter and Data Memory Address

Plenty of in-process vulnerabilities are blamed on various out of bound ...

Polytope: Practical Memory Access Control for C++ Applications

Designing and implementing secure software is inarguably more important ...

SERVAS! Secure Enclaves via RISC-V Authenticryption Shield

Isolation is a long-standing challenge of software security. Traditional...

Cryptographically Secure Information Flow Control on Key-Value Stores

We present Clio, an information flow control (IFC) system that transpare...

MOAT: Towards Safe BPF Kernel Extension

The Linux kernel makes considerable use of Berkeley Packet Filter (BPF) ...

Friend or Foe Inside? Exploring In-Process Isolation to Maintain Memory Safety for Unsafe Rust

Rust is a popular memory-safe systems programming language. In order to ...

Please sign up or login with your details

Forgot password? Click here to reset