Climate Change Data Portal
| DOI | 10.1109/SP40000.2020.00087 |
| SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation | |
Wang, Zhe; Wu, Chenggang; Xie, Mengyao; Zhang, Yinqian; Lu, Kangjie; Zhang, Xiaofeng; Lai, Yuanming ; Kang, Yan; Yang, Min
| |
| 发表日期 | 2020 |
| ISSN | 1081-6011 |
| 起始页码 | 592 |
| 结束页码 | 607 |
| 英文摘要 | Memory-corruption attacks such as code-reuse attacks and data-only attacks have been a key threat to systems security. To counter these threats, researchers have proposed a variety of defenses, including control-flow integrity (CFI), code-pointer integrity (CPI), and code (re-)randomization. All of them, to be effective, require a security primitive-intra-process protection of confidentiality and/or integrity for sensitive data (such as CFI's shadow stack and CPI's safe region). In this paper, we propose SEIMI, a highly efficient intra-process memory isolation technique for memory-corruption defenses to protect their sensitive data. The core of SEIMI is to use the efficient Supervisor-mode Access Prevention (SMAP), a hardware feature that is originally used for preventing the kernel from accessing the user space, to achieve intra-process memory isolation. To leverage SMAP, SEIMI creatively executes the user code in the privileged mode. In addition to enabling the new design of the SMAP-based memory isolation, we further develop multiple new techniques to ensure secure escalation of user code, e.g., using the descriptor caches to capture the potential segment operations and configuring the Virtual Machine Control Structure (VMCS) to invalidate the execution result of the control registers related operations. Extensive experimental results show that SEIMI outperforms existing isolation mechanisms, including both the Memory Protection Keys (MPK) based scheme and the Memory Protection Extensions (MPX) based scheme, while providing secure memory isolation. |
| 语种 | 英语 |
| WOS研究方向 | Computer Science ; Engineering |
| WOS类目 | Computer Science, Information Systems ; Computer Science, Theory & Methods ; Engineering, Electrical & Electronic |
| WOS记录号 | WOS:000618063500030 |
| 来源期刊 | 2020 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2020)
 |
| 来源机构 | 中国科学院西北生态环境资源研究院 |
| 文献类型 | 期刊论文 |
| 条目标识符 | http://gcip.llas.ac.cn/handle/2XKMVOVA/239582 |
| 作者单位 | [Wang, Zhe; Wu, Chenggang; Xie, Mengyao; Zhang, Xiaofeng; Lai, Yuanming; Kang, Yan] Chinese Acad Sci, State Key Lab Comp Architecture, Inst Comp Technol, Beijing, Peoples R China; [Wang, Zhe; Wu, Chenggang; Xie, Mengyao; Zhang, Xiaofeng; Lai, Yuanming] Univ Chinese Acad Sci, Beijing, Peoples R China; [Zhang, Yinqian] Ohio State Univ, Columbus, OH 43210 USA; [Lu, Kangjie] Univ Minnesota, Minneapolis, MN 55455 USA; [Yang, Min] Fudan Univ, Shanghai, Peoples R China |
| 推荐引用方式 GB/T 7714 | Wang, Zhe,Wu, Chenggang,Xie, Mengyao,et al. SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation[J]. 中国科学院西北生态环境资源研究院,2020. |
| APA | Wang, Zhe.,Wu, Chenggang.,Xie, Mengyao.,Zhang, Yinqian.,Lu, Kangjie.,...&Yang, Min.(2020).SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation.2020 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2020). |
| MLA | Wang, Zhe,et al."SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation".2020 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2020) (2020). |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
