TY - JOUR
T1 - Dancing With Wolves
T2 - An Intra-Process Isolation Technique With Privileged Hardware
AU - Wu, Chenggang
AU - Xie, Mengyao
AU - Wang, Zhe
AU - Zhang, Yinqian
AU - Lu, Kangjie
AU - Zhang, Xiaofeng
AU - Lai, Yuanming
AU - Kang, Yan
AU - Yang, Min
AU - Li, Tao
N1 - Publisher Copyright:
IEEE
PY - 2023/5/1
Y1 - 2023/5/1
N2 - Intra-process memory isolation is a cornerstone technique of protecting the sensitive data in memory-corruption defenses, such as the shadow stack in control flow integrity (CFI) and the safe region in code pointer integrity (CPI). In this article, we propose SEIMI, a highly efficient intra-process memory isolation technique for memory-corruption defenses. The core is to use the efficient Supervisor-mode Access Prevention (SMAP), a hardware feature that is originally used for preventing the kernel from accessing the user space, to achieve intra-process memory isolation. To leverage SMAP, SEIMI creatively executes the user code in the privileged mode. In addition to enabling the new design of the SMAP-based memory isolation, we further develop multiple new techniques to ensure secure escalation of user code. Extensive experiments show that SEIMI outperforms existing isolation mechanisms, including the Memory Protection Keys (MPK) based scheme and the Memory Protection Extensions (MPX) based scheme.
AB - Intra-process memory isolation is a cornerstone technique of protecting the sensitive data in memory-corruption defenses, such as the shadow stack in control flow integrity (CFI) and the safe region in code pointer integrity (CPI). In this article, we propose SEIMI, a highly efficient intra-process memory isolation technique for memory-corruption defenses. The core is to use the efficient Supervisor-mode Access Prevention (SMAP), a hardware feature that is originally used for preventing the kernel from accessing the user space, to achieve intra-process memory isolation. To leverage SMAP, SEIMI creatively executes the user code in the privileged mode. In addition to enabling the new design of the SMAP-based memory isolation, we further develop multiple new techniques to ensure secure escalation of user code. Extensive experiments show that SEIMI outperforms existing isolation mechanisms, including the Memory Protection Keys (MPK) based scheme and the Memory Protection Extensions (MPX) based scheme.
KW - Intel supervisor-mode access prevention
KW - Intra-process memory isolation
UR - http://www.scopus.com/inward/record.url?scp=85128633855&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85128633855&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2022.3168089
DO - 10.1109/TDSC.2022.3168089
M3 - Article
AN - SCOPUS:85128633855
SN - 1545-5971
VL - 20
SP - 1959
EP - 1978
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
IS - 3
ER -