IMPULP: A Hardware Approach for In-Process Memory Protection via User-Level Partitioning
文献类型:期刊论文
| 作者 | Zhao, Yang-Yang1,2; Chen, Ming-Yu1,2,3; Liu, Yu-Hang1,2,3; Yang, Zong-Hao1,2; Zhu, Xiao-Jing1; Hong, Zong-Hui2; Guo, Yun-Ge |
| 刊名 | JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY
 |
| 出版日期 | 2020-03-01 |
| 卷号 | 35期号:2页码:418-432 |
| 关键词 | in-process isolation memory protection out-of-bounds user-level partitioning |
| ISSN号 | 1000-9000 |
| DOI | 10.1007/s11390-020-9703-2 |
| 英文摘要 | In recent years many security attacks occur when malicious codes abuse in-process memory resources. Due to the increasing complexity, an application program may call third-party code which cannot be controlled by programmers but may contain security vulnerabilities. As a result, the users have the risk of suffering information leakage and control flow hijacking. However, current solutions like Intel memory protection extensions (MPX) severely degrade performance, while other approaches like Intel memory protection keys (MPK) lack flexibility in dividing security domains. In this paper, we propose IMPULP, an effective and efficient hardware approach for in-process memory protection. The rationale of IMPULP is user-level partitioning that user code segments are divided into different security domains according to their instruction addresses, and accessible memory spaces are specified dynamically for each domain via a set of boundary registers. Each instruction related to memory access will be checked according to its security domain and the corresponding boundaries, and illegal in-process memory access of untrusted code segments will be prevented. IMPULP can be leveraged to prevent a wide range of in-process memory abuse attacks, such as buffer overflows and memory leakages. For verification, an FPGA prototype based on RISC-V instruction set architecture has been developed. We present eight tests to verify the effectiveness of IMPULP, including five memory protection function tests, a test to defense typical buffer overflow, a test to defense famous memory leakage attack named Heartbleed, and a test for security benchmark. We execute the SPEC CPU2006 benchmark programs to evaluate the efficiency of IMPULP. The performance overhead of IMPULP is less than 0.2% runtime on average, which is negligible. Moreover, the resource overhead is less than 5.5% for hardware modification of IMPULP. |
| 资助项目 | National Key Research and Development Plan of China[2016YFB1000200] ; National Natural Science Foundation of China[61772497] ; State Key Laboratory of Computer Architecture Foundation[CARCH4405] ; State Key Laboratory of Computer Architecture Foundation[CARCH2601] |
| WOS研究方向 | Computer Science |
| 语种 | 英语 |
| WOS记录号 | WOS:000534804000017 |
| 出版者 | SCIENCE PRESS |
| 源URL | [http://119.78.100.204/handle/2XEOYT63/15336]  |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Chen, Ming-Yu |
| 作者单位 | 1.Chinese Acad Sci, Inst Comp Technol, State Key Lab Comp Architecture, Beijing 100190, Peoples R China 2.Univ Chinese Acad Sci, Beijing 10049, Peoples R China 3.PengCheng Lab, Shenzhen 518055, Peoples R China |
| 推荐引用方式 GB/T 7714 | Zhao, Yang-Yang,Chen, Ming-Yu,Liu, Yu-Hang,et al. IMPULP: A Hardware Approach for In-Process Memory Protection via User-Level Partitioning[J]. JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY,2020,35(2):418-432. |
| APA | Zhao, Yang-Yang.,Chen, Ming-Yu.,Liu, Yu-Hang.,Yang, Zong-Hao.,Zhu, Xiao-Jing.,...&Guo, Yun-Ge.(2020).IMPULP: A Hardware Approach for In-Process Memory Protection via User-Level Partitioning.JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY,35(2),418-432. |
| MLA | Zhao, Yang-Yang,et al."IMPULP: A Hardware Approach for In-Process Memory Protection via User-Level Partitioning".JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY 35.2(2020):418-432. |
入库方式: OAI收割
来源:计算技术研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。