Garmr: Defending the gates of PKU-based sandboxing

10/10/2021
by   Alexios Voulimeneas, et al.
0

Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows programs to assign virtual memory pages to protection domains, and to change domain access permissions using inexpensive, unprivileged instructions. Several in-process memory isolation approaches leverage this feature to prevent untrusted code from accessing sensitive program state and data. Typically, PKU-based isolation schemes need to be used in conjunction with mitigations such as CFI because untrusted code, when compromised, can otherwise bypass the PKU access permissions using unprivileged instructions or operating system APIs. Recently, researchers proposed fully self-contained PKUbased memory isolation schemes that do not rely on other mitigations. These systems use exploit-proof call gates to transfer control between trusted and untrusted code, as well as a sandbox that prevents tampering with the PKU infrastructure from untrusted code. In this paper, we show that these solutions are not complete. We first develop two proof-of-concept attacks against a state-of-the-art PKU-based memory isolation scheme. We then present Garmr, a PKU-based sandboxing framework that can overcome limitations of existing sandboxes. We apply Garmr to several memory isolation schemes and show that it is practical, efficient and secure.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
01/21/2018

ERIM: Secure and Efficient In-process Isolation with Memory Protection Keys

Many applications can benefit from isolating sensitive data in a secure ...
research
06/13/2023

Friend or Foe Inside? Exploring In-Process Isolation to Maintain Memory Safety for Unsafe Rust

Rust is a popular memory-safe systems programming language. In order to ...
research
05/07/2021

SERVAS! Secure Enclaves via RISC-V Authenticryption Shield

Isolation is a long-standing challenge of software security. Traditional...
research
10/28/2014

Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture

Many smartphones now deploy conventional operating systems, so the rootk...
research
09/20/2023

Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures (Extended Version)

In-process compartmentalization and access control have been actively ex...
research
11/21/2021

Domain Page-Table Isolation

Modern applications often consist of different security domains that req...
research
03/22/2023

IRIS: a Record and Replay Framework to Enable Hardware-assisted Virtualization Fuzzing

Nowadays, industries are looking into virtualization as an effective mea...

Please sign up or login with your details

Forgot password? Click here to reset