MicroStache: A Lightweight Execution Context for In-Process Safe Region Isolation
Author: | Nathan Dautenhahn, Ashay Rane, Lucian Mogosanu |
---|---|
Year of publication: | 2018 |
Subject: | 010302 applied physics; business.industry; Computer science; CPU cache; 020206 networking & telecommunications; 02 engineering and technology; Work in process; 01 natural sciences; Instruction set; Embedded system; 0103 physical sciences; 0202 electrical engineering, electronic engineering, information engineering; Programming paradigm; Paging; Memory segmentation; Cache; Side channel attack; business |
Source: | Research in Attacks, Intrusions, and Defenses (RAID); ISBN: 9783030004699 |
DOI: | 10.1007/978-3-030-00470-5_17 |
Description: | In this work we present MicroStache, a specialized hardware mechanism and new process abstraction for accelerating safe region security solutions. In the safe region paradigm, an application is split into safe and unsafe parts. Unfortunately, frequent mixing of safe and unsafe operations stresses memory isolation mechanisms. MicroStache addresses this challenge by adding an orthogonal execution domain into the process abstraction, consisting of a memory segment and a minimal instruction set. Unlike alternative hardware, MicroStache implements a simple microarchitectural memory segmentation scheme while integrating it with paging, and also extends the safe region abstraction to isolate data in the processor cache, allowing it to protect against cache side channel attacks. A prototype is presented that demonstrates how to automatically leverage MicroStache to enforce security policies, SafeStack and CPI, with 5% and 1.2% overhead beyond randomized isolation. Despite specialization, MicroStache enhances a growing and critical programming paradigm with minimal hardware complexity. |
Database: | OpenAIRE |