No Principal Too Small: Memory Access Control for Fine-Grained Protection Domains

Modern programs comprise multiple threads of execution inside a single principal -- the process -- with a single protection domain, usually a page table. We propose a hardware-enforced, fine-grained memory protection mechanism that divides the process into smaller principals and multiple protection domains. Our approach supports modern software engineering better than traditional processes do, because it lets developers align software components with the protection mechanisms that isolate them. We implemented our architecture in a cycle-accurate simulator of a complex out-of-order pipeline and evaluated it using open-source benchmarks and synthetic microbenchmarks designed specifically to stress our system.
