Filters








8 Hits in 1.9 sec

libmpk: Software Abstraction for Intel Memory Protection Keys [article]

Soyeon Park, Sangho Lee, Wen Xu, Hyungon Moon, Taesoo Kim
2018 arXiv   pre-print
In this paper, we propose libmpk, a software abstraction for MPK. libmpk virtualizes protection keys to eliminate the protection-key-use-after-free and protection-key corruption problems while supporting  ...  We apply libmpk to three real-world applications: OpenSSL, JavaScript JIT compiler, and Memcached for memory protection and isolation.  ...  This thread-local inherence helps to improve security for the applications that require isolation on memory access among dif- Software Abstraction of Intel MPK libmpk provides a secure and usable abstraction  ... 
arXiv:1811.07276v1 fatcat:gsewvmrnubegfeuvotsgmovday

μTiles: Efficient Intra-Process Privilege Enforcement of Memory Regions [article]

Zahra Tarkhani, Anil Madhavapeddy
2020 arXiv   pre-print
To this end, we propose μTiles, a lightweight kernel abstraction and set of security primitives based on mutual distrust for intra-process privilege separation, memory protection, and secure multithreading  ...  . μTiles takes advantage of hardware support for virtual memory tagging (e.g., ARM memory domains) to achieve significant performance gain while eliminating various hardware limitations.  ...  Acknowledgment We thank Ed Nightingale, Reuben Olinsky, and Jewell Seay for helpful discussions, and David Chisnall, Jon Crowcroft, Marno van der Maas, and Ali Varamesh for feedback on earlier drafts of  ... 
arXiv:2004.04846v1 fatcat:hhctnbtynrdnnaobt5avpdt5yy

Iso-UniK: lightweight multi-process unikernel through memory protection keys

Guanyu Li, Dong Du, Yubin Xia
2020 Cybersecurity  
Iso-UniK leverages a recent hardware feature, named Intel Memory Protection Key (Intel MPK), to provide lightweight and efficient isolation for multi-process in unikernel.  ...  Many applications rely on the process abstraction to isolate different components. For example, Apache with the multi-processing module isolates a request handler in a process to guarantee security.  ...  Intel MPK Intel MPK (Memory Protection Keys) (Intel 64 and IA-32 architectures software developer's manual) is a keys-based permission control for memory isolation of userspace.  ... 
doi:10.1186/s42400-020-00051-9 fatcat:4o73faozxbb5fh4cjfceetm3yq

Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86

David Schrammel, Samuel Weiser, Stefan Steinegger, Martin Schwarzl, Michael Schwarz, Stefan Mangard, Daniel Gruss
2020 USENIX Security Symposium  
We propose Donky, an efficient hardware-software codesign for strong in-process isolation based on dynamic memory protection domains.  ...  Efficient and secure in-process isolation is in great demand, as evidenced in the shift towards JavaScript and the recent revival of memory protection keys.  ...  Additional funding was provided by generous gifts from Intel and from Cloudflare.  ... 
dblp:conf/uss/SchrammelWSS0MG20 fatcat:f3rywxsejbdgbpomcyhhzre42q

The Endokernel: Fast, Secure, and Programmable Subprocess Virtualization [article]

Bumjin Im
2021 arXiv   pre-print
The Endokernel introduces a new virtual machine abstraction for representing subprocess authority, which is enforced by an efficient self-isolating monitor that maps the abstraction to system level objects  ...  Overall, we believe sub-process isolation is a must and that the Endokernel exposes an essential set of abstractions for realizing this in a simple and feasible way.  ...  Intel ® Memory Protection Keys (MPK) MPK [29] extends page tables with a 4-bit tag for labeling each mapping.  ... 
arXiv:2108.03705v2 fatcat:tovxud33k5crnlpqmnsrd4mfmu

Polytope: Practical Memory Access Control for C++ Applications [article]

Ioannis Agadakos, Manuel Egele, William Robertson
2022
A run-time support library manages partitions, protection keys, dynamic memory operations, and indirect call target privileges.  ...  Designing and implementing secure software is inarguably more important than ever.  ...  Libmpk [29] abstracts MPK, virtualizing the limited number of protection keys and preventing key use-after-free vulnerabilities.  ... 
doi:10.48550/arxiv.2201.08461 fatcat:q4w2n4gaznb2hdgmq6aybixupq

Trust as a Programming Primitive

Adrien Ghosn
2021
Thanks for tolerating my constant interruptions in the office, for always taking the time to listen to my ideas and discuss them, for continuing to give me time and advices, even after you left EPFL.  ...  Thank you for all the love and support you gave me during these 5 years.  ...  Intel MPK: Intel Memory Protection Keys (MPK) tags page table entries with one of 16 possible keys.  ... 
doi:10.5075/epfl-thesis-8165 fatcat:4fzojr5gxbgkppth7ze2b5lsiu

NoJITsu: Locking Down JavaScript Engines

Taemin Park, Karel Dhondt, David Gens, Yeoul Na, Stijn Volckaert, Michael Franz
2020 Proceedings 2020 Network and Distributed System Security Symposium   unpublished
For this we combine automated analysis, instrumentation, compartmentalization, and Intel's Memory-Protection Keys to secure SpiderMonkey against existing and newly synthesized attacks.  ...  The key idea behind our defense is to enable fine-grained memory access control for individual memory regions based on their roles throughout the JavaScript lifecycle.  ...  Libmpk [47] provides a secure software abstraction to improve security and resolve technical challenges in using MPK.  ... 
doi:10.14722/ndss.2020.24262 fatcat:56pwknobjvgmhi54yxtmxdcv5y