DeepAI AI Chat
Log In Sign Up

Practical Fine-grained Privilege Separation in Multithreaded Applications

by   Jun Wang, et al.
Penn State University

An inherent security limitation with the classic multithreaded programming model is that all the threads share the same address space and, therefore, are implicitly assumed to be mutually trusted. This assumption, however, does not take into consideration of many modern multithreaded applications that involve multiple principals which do not fully trust each other. It remains challenging to retrofit the classic multithreaded programming model so that the security and privilege separation in multi-principal applications can be resolved. This paper proposes ARBITER, a run-time system and a set of security primitives, aimed at fine-grained and data-centric privilege separation in multithreaded applications. While enforcing effective isolation among principals, ARBITER still allows flexible sharing and communication between threads so that the multithreaded programming paradigm can be preserved. To realize controlled sharing in a fine-grained manner, we created a novel abstraction named ARBITER Secure Memory Segment (ASMS) and corresponding OS support. Programmers express security policies by labeling data and principals via ARBITER's API following a unified model. We ported a widely-used, in-memory database application (memcached) to ARBITER system, changing only around 100 LOC. Experiments indicate that only an average runtime overhead of 5.6 induced to this security enhanced version of application.


page 1

page 2

page 3

page 4


Enabling Lightweight Privilege Separation in Applications with MicroGuards

Application compartmentalization and privilege separation are our primar...

Salus: Fine-Grained GPU Sharing Primitives for Deep Learning Applications

GPU computing is becoming increasingly more popular with the proliferati...

μTiles: Efficient Intra-Process Privilege Enforcement of Memory Regions

With the alarming rate of security advisories and privacy concerns on co...

Hardware-assisted Trusted Memory Disaggregation for Secure Far Memory

Memory disaggregation provides efficient memory utilization across netwo...

Prediction of Compression Index of Fine-Grained Soils Using a Gene Expression Programming Model

In construction projects, estimation of the settlement of fine-grained s...

E-Tenon: An Efficient Privacy-Preserving Secure Open Data Sharing Scheme for EHR System

The transition from paper-based information to Electronic-Health-Records...