Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
184 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Software Compartmentalization Trade-Offs with Hardware Capabilities (2309.11332v2)

Published 20 Sep 2023 in cs.CR and cs.OS

Abstract: Compartmentalization is a form of defensive software design in which an application is broken down into isolated but communicating components. Retrofitting compartmentalization into existing applications is often thought to be expensive from the engineering effort and performance overhead points of view. Still, recent years have seen proposals of compartmentalization methods with promises of low engineering efforts and reduced performance impact. ARM Morello combines a modern ARM processor with an implementation of Capability Hardware Enhanced RISC Instructions (CHERI) aiming to provide efficient and secure compartmentalization. Past works exploring CHERI-based compartmentalization were restricted to emulated/FPGA prototypes. In this paper, we explore possible compartmentalization schemes with CHERI on the Morello chip. We propose two approaches representing different trade-offs in terms of engineering effort, security, scalability, and performance impact. We describe and implement these approaches on a prototype OS running bare metal on the Morello chip, compartmentalize two popular applications, and investigate the performance overheads. Furthermore, we show that compartmentalization can be achieved with an engineering cost that can be quite low if one is willing to trade off on scalability and security, and that performance overheads are similar to other intra-address space isolation mechanisms.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (45)
  1. Libsodium website, 2023. https://doc.libsodium.org/.
  2. Sqlite website, 2023. https://www.sqlite.org/index.html.
  3. Polytope: Practical memory access control for C++ applications. CoRR, abs/2201.08461, 2022.
  4. Defence Advanced Research Projects Agency. Broad agency announcement compartmentalization and privilege management (cpm).
  5. Compartos: CHERI compartmentalization for embedded systems. CoRR, abs/2206.02852, 2022.
  6. Cali: Compiler-assisted library isolation. In Jiannong Cao, Man Ho Au, Zhiqiang Lin, and Moti Yung, editors, ASIA CCS ’21: ACM Asia Conference on Computer and Communications Security, Virtual Event, Hong Kong, June 7-11, 2021, pages 550–564. ACM, 2021.
  7. Wedge: Splitting applications into Reduced-Privilege compartments. In 5th USENIX Symposium on Networked Systems Design and Implementation (NSDI 08), San Francisco, CA, April 2008. USENIX Association.
  8. Privtrans: Automatically partitioning programs for privilege separation. In 13th USENIX Security Symposium (USENIX Security 04), San Diego, CA, August 2004. USENIX Association.
  9. Datashield: Configurable data confidentiality and integrity. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ASIA CCS ’17, page 193–204, New York, NY, USA, 2017. Association for Computing Machinery.
  10. Shreds: Fine-grained execution units with private memory. In IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22-26, 2016, pages 56–71. IEEE Computer Society, 2016.
  11. CHERI JNI: sinking the java security model into the C. In Yunji Chen, Olivier Temam, and John Carter, editors, Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2017, Xi’an, China, April 8-12, 2017, pages 569–583. ACM, 2017.
  12. Nested kernel: An operating system architecture for intra-kernel privilege separation. In Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 191–206, 2015.
  13. Lawrence G. Esswood. CheriOS: designing an untrusted single-address-space capability operating system utilising capability hardware and a minimal hypervisor. Technical Report UCAM-CL-TR-961, University of Cambridge, Computer Laboratory, September 2021.
  14. Clean application compartmentalization with SOAAP. In Indrajit Ray, Ninghui Li, and Christopher Kruegel, editors, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12-16, 2015, pages 1016–1031. ACM, 2015.
  15. Hodor: Intra-process isolation for high-throughput data plane libraries. In Proceedings of the 2019 USENIX Annual Technical Conference, ATC’19. USENIX Association, 2019.
  16. KSplit: Automating device driver isolation. In 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22), pages 613–631, Carlsbad, CA, July 2022. USENIX Association.
  17. Paul A. Karger. Limiting the damage potential of discretionary trojan horses. In Proceedings of the 1987 IEEE Symposium on Security and Privacy, Oakland, California, USA, April 27-29, 1987, pages 32–37. IEEE Computer Society, 1987.
  18. Douglas Kilpatrick. Privman: A library for partitioning applications. In 2003 USENIX Annual Technical Conference (USENIX ATC 03), San Antonio, TX, June 2003. USENIX Association.
  19. Unikraft: Fast, specialized unikernels the easy way. In Proceedings of the Sixteenth European Conference on Computer Systems, EuroSys ’21, page 376–394, New York, NY, USA, 2021. Association for Computing Machinery.
  20. Low-fat pointers: Compact encoding and efficient gate-level implementation of fat pointers for spatial safety and capability-based security. CCS ’13, page 721–732, New York, NY, USA, 2013. Association for Computing Machinery.
  21. Assessing the impact of interface vulnerabilities in compartmentalized software. In 30th Annual Network and Distributed System Security Symposium, NDSS 2023, San Diego, California, USA, February 27 - March 3, 2023. The Internet Society, 2023.
  22. Flexos: towards flexible OS isolation. In Babak Falsafi, Michael Ferdman, Shan Lu, and Thomas F. Wenisch, editors, ASPLOS ’22: 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Lausanne, Switzerland, 28 February 2022 - 4 March 2022, pages 467–482. ACM, 2022.
  23. Flexos: making OS isolation flexible. In Sebastian Angel, Baris Kasikci, and Eddie Kohler, editors, HotOS ’21: Workshop on Hot Topics in Operating Systems, Ann Arbor, Michigan, USA, June, 1-3, 2021, pages 79–87. ACM, 2021.
  24. ARM Limited. Arm Morello System Development Platform (SDP) Technical Reference Manual, 2022.
  25. Ptrsplit: Supporting general pointers in automatic program partitioning. In Proceedings of the 24th ACM SIGSAC Conference on Computer and Communications Security, CCS’17. Association for Computing Machinery, 2017.
  26. Arm Ltd. Arm® architecture reference manual supplement morello for a-profile architecture. Technical report, 2022.
  27. Preventing kernel hacks with hakcs. In 29th Annual Network and Distributed System Security Symposium, NDSS 2022, San Diego, California, USA, April 24-28, 2022. The Internet Society, 2022.
  28. Retrofitting fine grain isolation in the firefox renderer. In Proceedings of the 29th USENIX Security Symposium, USENIX Security’20. USENIX Association, 2020.
  29. Robert M Norton. Hardware support for compartmentalisation. Technical report, Cambridge, UK, 2016.
  30. Preventing privilege escalation. In 12th USENIX Security Symposium (USENIX Security 03), Washington, D.C., August 2003. USENIX Association.
  31. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278–1308, 1975.
  32. CAP-VMs: Capability-Based isolation and sharing in the cloud. In 16th USENIX Symposium on Operating Systems Design and Implementation (OSDI 22), pages 597–612, Carlsbad, CA, July 2022. USENIX Association.
  33. Cubicleos: a library OS with software componentisation for practical isolation. In Tim Sherwood, Emery D. Berger, and Christos Kozyrakis, editors, ASPLOS ’21: 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Virtual Event, USA, April 19-23, 2021, pages 546–558. ACM, 2021.
  34. Donky: Domain keys – efficient in-process isolation for RISC-V and x86. In Proceedings of the 29th USENIX Security Symposium, USENIX Security’20. USENIX Association, 2020.
  35. Flexsc: Flexible system call scheduling with exception-less system calls. In Osdi, volume 10, pages 33–46, 2010.
  36. Intra-unikernel isolation with intel memory protection keys. In Proceedings of the 16th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE ’20, page 143–156, New York, NY, USA, 2020. Association for Computing Machinery.
  37. ERIM: Secure, efficient in-process isolation with protection keys (MPK). In Proceedings of the 28th USENIX Security Symposium, USENIX Security’19. USENIX Association, 2019.
  38. Isolating functions at the hardware limit with virtines. In Proceedings of the Seventeenth European Conference on Computer Systems, EuroSys ’22, page 644–662, New York, NY, USA, 2022. Association for Computing Machinery.
  39. Robert Watson. The arm morello board, 2022. https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/cheri-morello.html.
  40. Fast protection-domain crossing in the CHERI capability-system architecture. IEEE Micro, 36(5):38–49, 2016.
  41. CHERI: A hybrid capability-system architecture for scalable software compartmentalization. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015, pages 20–37. IEEE Computer Society, 2015.
  42. Cheri c/c++ programming guide. Technical report, Cambridge, UK, 2020.
  43. The cheri capability model: Revisiting risc in an age of risk. ACM SIGARCH Computer Architecture News, 42(3):457–468, 2014.
  44. Codejail: Application-transparent isolation of libraries with tight program interactions. In Sara Foresti, Moti Yung, and Fabio Martinelli, editors, Proceedings of the 17th European Symposium on Research in Computer Security, pages 859–876. Springer Berlin Heidelberg, 2012.
  45. Cherirtos: A capability model for embedded devices. In 2018 IEEE 36th International Conference on Computer Design (ICCD), pages 92–99. IEEE, 2018.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now