Secure Memory Management on Modern Hardware

09/06/2020
by   Reto Achermann, et al.
0

Almost all modern hardware, from phone SoCs to high-end servers with accelerators, contain memory translation and protection hardware like IOMMUs, firewalls, and lookup tables which make it impossible to reason about, and enforce protection and isolation based solely on the processor's MMUs. This has led to numerous bugs and security vulnerabilities in today's system software. In this paper we regain the ability to reason about and enforce access control using the proven concept of a reference monitor mediating accesses to memory resources. We present a fine-grained, realistic memory protection model that makes this traditional concept applicable today, and bring system software in line with the complexity of modern, heterogeneous hardware. Our design is applicable to any operating system, regardless of architecture. We show that it not only enforces the integrity properties of a system, but does so with no inherent performance overhead and it is even amenable to automation through code generation from trusted hardware specifications.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
08/23/2019

A Least-Privilege Memory Protection Model for Modern Hardware

We present a new least-privilege-based model of addressing on which to b...
research
06/06/2022

CompartOS: CHERI Compartmentalization for Embedded Systems

Existing high-end embedded systems face frequent security attacks. Softw...
research
05/15/2019

Neverland: Lightweight Hardware Extensions for Enforcing Operating System Integrity

The security of applications hinges on the trustworthiness of the operat...
research
08/25/2021

Hardware-assisted Trusted Memory Disaggregation for Secure Far Memory

Memory disaggregation provides efficient memory utilization across netwo...
research
09/20/2023

Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures (Extended Version)

In-process compartmentalization and access control have been actively ex...
research
04/29/2019

IRONHIDE: A Secure Multicore Architecture that Leverages Hardware Isolation Against Microarchitecture State Attacks

Modern microprocessors enable aggressive hardware virtualization that ex...
research
12/13/2021

FlexOS: Towards Flexible OS Isolation

At design time, modern operating systems are locked in a specific safety...

Please sign up or login with your details

Forgot password? Click here to reset