
Garmr: Defending the gates of PKU-based sandboxing

by Alexios Voulimeneas, et al.

Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows programs to assign virtual memory pages to protection domains, and to change domain access permissions using inexpensive, unprivileged instructions. Several in-process memory isolation approaches leverage this feature to prevent untrusted code from accessing sensitive program state and data. Typically, PKU-based isolation schemes need to be used in conjunction with mitigations such as CFI because untrusted code, when compromised, can otherwise bypass the PKU access permissions using unprivileged instructions or operating system APIs. Recently, researchers proposed fully self-contained PKU-based memory isolation schemes that do not rely on other mitigations. These systems use exploit-proof call gates to transfer control between trusted and untrusted code, as well as a sandbox that prevents tampering with the PKU infrastructure from untrusted code. In this paper, we show that these solutions are not complete. We first develop two proof-of-concept attacks against a state-of-the-art PKU-based memory isolation scheme. We then present Garmr, a PKU-based sandboxing framework that can overcome limitations of existing sandboxes. We apply Garmr to several memory isolation schemes and show that it is practical, efficient and secure.



