Name
Abstract | ||
|---|---|---|
We present a novel combination of hardware (architecture) and software (compiler) techniques to support the safe execution of untrusted code. While other efforts focus on isolating processes, our approach isolates code and data at a function (as in, C function) level, to enable fine-grained protection within a process as needed for downloaded plugins, libraries, andmodifications of open-source projects. Our solution also enforces timing restrictions to detect denial of service from untrusted code, and supports protection of dynamically allocated memory. Because bookkeeping data can become substantial (permission tables that at their finest granularity describe which memory words may be accessed by which functions), our solution employs a stack-structured bookkeeping mechanism that tracks the flow of execution and automatically dispenses with bookkeeping data when no longer needed. This approach also enables an architectural optimization to handle permissions for dynamically allocated memory, allowing heap blocks to be appropriately shared across the trust boundary. Tested across a suite of benchmarks, our solution had a worst case 12% overhead and 3.5% average overhead at the finest level of code granularity (every single function in its own unit of isolation). The overhead is easily reduced by using trace-driven analysis to combine functions into coarser-grained groups that share permissions. |
Year | DOI | Venue |
|---|---|---|
2009 | 10.1145/1655077.1655082 | Proceedings of the first ACM workshop on Secure execution of untrusted code |
Keywords | DocType | Citations |
code granularity,c function,single function,memory protection,software security,bookkeeping data,average overhead,finest granularity,hardware-enforced fine-grained isolation,stack-structured bookkeeping mechanism,untrusted code,isolation,architectural support for security,memory word,fine-grained protection,denial of service,hardware architecture | Conference | 3 |
PageRank | References | Authors |
0.42 | 16 | 5 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Eugen Leontie | 1 | 14 | 3.57 |
| Gedare Bloom | 2 | 68 | 13.95 |
| Bhagirath Narahari | 3 | 331 | 42.59 |
| Rahul Simha | 4 | 3 | 0.42 |
| Joseph Zambreno | 5 | 377 | 44.73 |