Abstract |
---|
Information leakage vulnerabilities (or simply info leaks) such as out-of-bounds/uninitialized reads in the architectural or speculative domain pose a significant security threat, allowing attackers to leak sensitive data such as crypto keys. At the same time, such vulnerabilities are hard to efficiently mitigate, as every (even speculative) memory load operation needs to be potentially instrumented against unauthorized reads. Existing confidentiality-preserving solutions based on data isolation label memory objects with different (e.g., sensitive vs. nonsensitive) colors, color load operations accordingly using static points-to analysis, and instrument them to enforce color-matching invariants at run time. Unfortunately, the reliance on conservative points-to analysis introduces overapproximations that are detrimental to security (or further degrade performance). In this paper, we propose Type-based Data Isolation (TDI), a new practical design point in the data isolation space to mitigate info leaks. TDI isolates memory objects of different colors in separate memory arenas and uses efficient compiler instrumentation to constrain loads to the arena of the intended color by construction. TDI’s arena-based design moves the instrumentation from loads to pointer arithmetic operations, enabling new aggressive speculation-aware performance optimizations and eliminating the need for points-to analysis. Moreover, TDI’s color management is flexible. TDI can support a few-color scheme with sensitive data annotations similar to prior work (e.g., 2 colors) or a many-color scheme based on basic type analysis (i.e., one color per object type). The latter approach provides fine-grained data isolation, eliminates the need for annotations, and enforces strong color-matching invariants equivalent to ideal (context-sensitive) type-based points-to analysis. Our results show that TDI can efficiently support such strong security invariants, at average performance overheads of <10% on SPEC CPU2006 and nginx. |
Year | DOI | Venue |
---|---|---|
2022 | 10.1109/SP46214.2022.9833675 | 2022 IEEE Symposium on Security and Privacy (SP) |
Keywords | DocType | ISSN |
---|---|---|
fine-grained data isolation, information leakage vulnerabilities, architectural domain, speculative domain, security threat, memory load operation, color load operations, conservative points-to analysis, data isolation space, compiler instrumentation, aggressive speculation-aware performance optimizations, color management, few-color scheme, sensitive data annotations, many-color scheme, type-based data isolation, color-matching invariants, confidentiality-preserving solutions, arena-based design, crypto keys | Conference | 1081-6011 |

ISBN | Citations | PageRank |
---|---|---|
978-1-6654-1317-6 | 0 | 0.34 |

References | Authors |
---|---|
29 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Alyssa Milburn | 1 | 22 | 1.49 |
Erik van der Kouwe | 2 | 58 | 9.55 |
Cristiano Giuffrida | 3 | 876 | 49.61 |