Abstract | ||
---|---|---|
Software memory disclosure attacks, such as buffer over-read, often work quietly and may cause leakage of secrets. The well-known OpenSSL Heartbleed vulnerability leaked out millions of servers' private keys, and caused most of Internet services insecure during that time. Existing solutions are either hard to apply to large code bases, or too heavyweight (e.g. by involving a hypervisor software or a modified operating system kernel). We propose SecSeg, an easy-to-use and lightweight system which leverages the traditional x86 segmentation mechanism to isolate the secrets from the remaining data. Software developers can prevent the secrets from being leaked out by simply declaring the secret variables with secure keyword. And our customized compiler will automatically separate the secrets from the remaining ones with an isolated hardware segment. Any legal instructions that have to visit the secrets will be automatically instrumented to special machine instructions which have access to the isolated segment. We have implemented an early SecSeg prototype with an open source compiler framework - the LLVM Compiler Infrastructure. The prototype proves that SecSeg is both secure and efficient. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1109/WISA.2016.48 | 2016 13th Web Information Systems and Applications Conference (WISA) |
Keywords | DocType | ISBN |
memory disclosure,privacy protection,segment isolation | Conference | 978-1-5090-5438-1 |
Citations | PageRank | References |
0 | 0.34 | 5 |
Authors | ||
6 |