Terry Ching-Hsiang Hsu - Purdue University
Students: Spring 2023, unless noted otherwise, sessions will be virtual on Zoom.
Enforcing Least Privilege Memory Views for Multithreaded Applications
Oct 12, 2016Download: MP4 Video Size: 39.0MB
Watch on YouTube
AbstractFailing to properly isolate components in the same address space has resulted in a substantial amount of vulnerabilities. Enforcing the least privilege principle for memory accesses can selectively isolate software components to restrict attack surface and prevent unintended cross-component memory corruption. However, the boundaries and interactions between software components are hard to reason about and existing approaches have failed to stop attackers from exploiting vulnerabilities caused by poor isolation. We present the secure memory views (SMV) model: a practical and efficient model for secure and selective memory isolation in monolithic multithreaded applications. SMV is a third generation privilege separation technique that offers explicit access control of memory and allows concurrent threads within the same process to partially share or fully isolate their memory space in a controlled and parallel manner following application requirements. An evaluation of our prototype in the Linux kernel (TCB < 1,800 LOC) shows negligible runtime performance overhead in real-world applications including Cherokee web server (< 0.69%), Apache httpd web server (< 0.93%), and Mozilla Firefox web browser (< 1.89%) with at most 12 LOC changes.
About the Speaker
Terry Hsu is a PhD candidate at Purdue University studying memory systems and system security. His research is concerned with the development of operating systems. Particular topics of interest include memory model, memory safety, memory isolation, and operating system security