Dancing With Wolves: An Intra-Process Isolation Technique With Privileged Hardware
Wu, Chenggang [1,2]; Xie, Mengyao [1,2]; Wang, Zhe [1,2]; Zhang, Yinqian [3]; Lu, Kangjie [4]; Zhang, Xiaofeng [1,2]; Lai, Yuanming [1,2]; Kang, Yan [1,2]; Yang, Min [5,6]; Li, Tao [7]
2023-05-01
Journal: IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
ISSN: 1545-5971
Volume: 20; Issue: 3; Pages: 1959-1978
Abstract: Intra-process memory isolation is a cornerstone technique of protecting the sensitive data in memory-corruption defenses, such as the shadow stack in control flow integrity (CFI) and the safe region in code pointer integrity (CPI). In this article, we propose SEIMI, a highly efficient intra-process memory isolation technique for memory-corruption defenses. The core is to use the efficient Supervisor-mode Access Prevention (SMAP), a hardware feature that is originally used for preventing the kernel from accessing the user space, to achieve intra-process memory isolation. To leverage SMAP, SEIMI creatively executes the user code in the privileged mode. In addition to enabling the new design of the SMAP-based memory isolation, we further develop multiple new techniques to ensure secure escalation of user code. Extensive experiments show that SEIMI outperforms existing isolation mechanisms, including the Memory Protection Keys (MPK) based scheme and the Memory Protection Extensions (MPX) based scheme.
Keywords: Codes; Hardware; Kernel; Runtime; Security; Registers; Virtualization; Intra-process memory isolation; Intel supervisor-mode access prevention
DOI: 10.1109/TDSC.2022.3168089
Indexed by: SCI
Language: English
Funding: NSFC[61902374] ; NSFC[U1736208] ; NSFC[U1636204] ; NSFC[U1836213] ; NSF[CNS-1815621] ; NSF[CNS-1931208]
WOS research area: Computer Science
WOS category: Computer Science, Hardware & Architecture ; Computer Science, Information Systems ; Computer Science, Software Engineering
WOS accession number: WOS:000992398900013
Publisher: IEEE COMPUTER SOC
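Citation statistics
Times cited: 4 [WOS]
Document type: Journal article
Item identifier: http://119.78.100.204/handle/2XEOYT63/21224
Collection: Journal Papers of the Institute of Computing Technology, Chinese Academy of Sciences (English)
Corresponding author: Wang, Zhe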
Author affiliations:
1. Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China
2. Univ Chinese Acad Sci, Beijing 100049, Peoples R China
3. Southern Univ Sci & Technol, Shenzhen 518055, Peoples R China
4. Univ Minnesota Twin Cities, Comp Sci & Engn Dept, Minneapolis, MN 55455 USA
5. Fudan Univ, Shanghai 201203, Peoples R China
6. Shanghai Univ, Shanghai Inst Intelligent Elect & Syst, Shanghai Inst Adv Commun & Data Sci, Shanghai 200444, Peoples R China
7. Nankai Univ, Coll Cyber Sci, Tianjin 300071, Peoples R China
Recommended citation
GB/T 7714
Wu, Chenggang,Xie, Mengyao,Wang, Zhe,et al. Dancing With Wolves: An Intra-Process Isolation Technique With Privileged Hardware[J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,2023,20(3):1959-1978.
APA Wu, Chenggang.,Xie, Mengyao.,Wang, Zhe.,Zhang, Yinqian.,Lu, Kangjie.,...&Li, Tao.(2023).Dancing With Wolves: An Intra-Process Isolation Technique With Privileged Hardware.IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,20(3),1959-1978.
MLA Wu, Chenggang,et al."Dancing With Wolves: An Intra-Process Isolation Technique With Privileged Hardware".IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING 20.3(2023):1959-1978.
 

Unless otherwise stated, all content in this system is protected by copyright, with all rights reserved.