Dancing With Wolves: An Intra-Process Isolation Technique With Privileged Hardware
Document type: Journal article
Authors | Wu, Chenggang4,5; Xie, Mengyao4,5; Wang, Zhe4,5; Zhang, Yinqian6; Lu, Kangjie1; Zhang, Xiaofeng4,5; Lai, Yuanming4,5; Kang, Yan4,5; Yang, Min3,7; Li, Tao2 |
Journal | IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING |
Publication date | 2023-05-01 |
Volume | 20; Issue: 3; Pages: 1959-1978 |
Keywords | Codes; Hardware; Kernel; Runtime; Security; Registers; Virtualization; Intra-process memory isolation; Intel supervisor-mode access prevention |
ISSN | 1545-5971 |
DOI | 10.1109/TDSC.2022.3168089 |
Abstract (English) | Intra-process memory isolation is a cornerstone technique of protecting the sensitive data in memory-corruption defenses, such as the shadow stack in control flow integrity (CFI) and the safe region in code pointer integrity (CPI). In this article, we propose SEIMI, a highly efficient intra-process memory isolation technique for memory-corruption defenses. The core is to use the efficient Supervisor-mode Access Prevention (SMAP), a hardware feature that is originally used for preventing the kernel from accessing the user space, to achieve intra-process memory isolation. To leverage SMAP, SEIMI creatively executes the user code in the privileged mode. In addition to enabling the new design of the SMAP-based memory isolation, we further develop multiple new techniques to ensure secure escalation of user code. Extensive experiments show that SEIMI outperforms existing isolation mechanisms, including the Memory Protection Keys (MPK) based scheme and the Memory Protection Extensions (MPX) based scheme. |
Funding | NSFC[61902374]; NSFC[U1736208]; NSFC[U1636204]; NSFC[U1836213]; NSF[CNS-1815621]; NSF[CNS-1931208] |
WoS research area | Computer Science |
Language | English |
WoS accession number | WOS:000992398900013 |
Publisher | IEEE COMPUTER SOC |
Source URL | [http://119.78.100.204/handle/2XEOYT63/21223] |
Collection | Institute of Computing Technology, Chinese Academy of Sciences: Journal Articles (English) |
Corresponding author | Wang, Zhe |
Author affiliations | 1. Univ Minnesota Twin Cities, Comp Sci & Engn Dept, Minneapolis, MN 55455 USA; 2. Nankai Univ, Coll Cyber Sci, Tianjin 300071, Peoples R China; 3. Shanghai Univ, Shanghai Inst Intelligent Elect & Syst, Shanghai Inst Adv Commun & Data Sci, Shanghai 200444, Peoples R China; 4. Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China; 5. Univ Chinese Acad Sci, Beijing 100049, Peoples R China; 6. Southern Univ Sci & Technol, Shenzhen 518055, Peoples R China; 7. Fudan Univ, Shanghai 201203, Peoples R China |
Recommended citation (GB/T 7714) | Wu, Chenggang, Xie, Mengyao, Wang, Zhe, et al. Dancing With Wolves: An Intra-Process Isolation Technique With Privileged Hardware[J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2023, 20(3): 1959-1978. |
APA | Wu, Chenggang., Xie, Mengyao., Wang, Zhe., Zhang, Yinqian., Lu, Kangjie., ... & Li, Tao. (2023). Dancing With Wolves: An Intra-Process Isolation Technique With Privileged Hardware. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 20(3), 1959-1978. |
MLA | Wu, Chenggang, et al. "Dancing With Wolves: An Intra-Process Isolation Technique With Privileged Hardware". IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING 20.3 (2023): 1959-1978. |
Ingest method: OAI harvesting
Source: Institute of Computing Technology