Garmr: Defending the gates of PKU-based sandboxing

Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows programs to assign virtual memory pages to protection domains, and to change domain access permissions using inexpensive, unprivileged instructions. Several in-process memory isolation approaches leverage this featur...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:arXiv.org 2021-10
Hauptverfasser: Voulimeneas, Alexios, Vinck, Jonas, Mechelinck, Ruben, Volckaert, Stijn
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Voulimeneas, Alexios
Vinck, Jonas
Mechelinck, Ruben
Volckaert, Stijn
description Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows programs to assign virtual memory pages to protection domains, and to change domain access permissions using inexpensive, unprivileged instructions. Several in-process memory isolation approaches leverage this feature to prevent untrusted code from accessing sensitive program state and data. Typically, PKU-based isolation schemes need to be used in conjunction with mitigations such as CFI because untrusted code, when compromised, can otherwise bypass the PKU access permissions using unprivileged instructions or operating system APIs. Recently, researchers proposed fully self-contained PKUbased memory isolation schemes that do not rely on other mitigations. These systems use exploit-proof call gates to transfer control between trusted and untrusted code, as well as a sandbox that prevents tampering with the PKU infrastructure from untrusted code. In this paper, we show that these solutions are not complete. We first develop two proof-of-concept attacks against a state-of-the-art PKU-based memory isolation scheme. We then present Garmr, a PKU-based sandboxing framework that can overcome limitations of existing sandboxes. We apply Garmr to several memory isolation schemes and show that it is practical, efficient and secure.
format Article
fullrecord <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_2581110153</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2581110153</sourcerecordid><originalsourceid>FETCH-proquest_journals_25811101533</originalsourceid><addsrcrecordid>eNpjYuA0MjY21LUwMTLiYOAtLs4yMDAwMjM3MjU15mQwck8syi2yUnBJTUvNS8nMS1coyUhVSE8sSS1WyE9TCPAO1U1KLE5NUShOzEtJyq8AquBhYE1LzClO5YXS3AzKbq4hzh66BUX5haWpxSXxWfmlRXlAqXgjUwtDQ0MDQ1NjY-JUAQBsTjLX</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2581110153</pqid></control><display><type>article</type><title>Garmr: Defending the gates of PKU-based sandboxing</title><source>Freely Accessible Journals at publisher websites</source><creator>Voulimeneas, Alexios ; Vinck, Jonas ; Mechelinck, Ruben ; Volckaert, Stijn</creator><creatorcontrib>Voulimeneas, Alexios ; Vinck, Jonas ; Mechelinck, Ruben ; Volckaert, Stijn</creatorcontrib><description>Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows programs to assign virtual memory pages to protection domains, and to change domain access permissions using inexpensive, unprivileged instructions. Several in-process memory isolation approaches leverage this feature to prevent untrusted code from accessing sensitive program state and data. Typically, PKU-based isolation schemes need to be used in conjunction with mitigations such as CFI because untrusted code, when compromised, can otherwise bypass the PKU access permissions using unprivileged instructions or operating system APIs. Recently, researchers proposed fully self-contained PKUbased memory isolation schemes that do not rely on other mitigations. These systems use exploit-proof call gates to transfer control between trusted and untrusted code, as well as a sandbox that prevents tampering with the PKU infrastructure from untrusted code. In this paper, we show that these solutions are not complete. We first develop two proof-of-concept attacks against a state-of-the-art PKU-based memory isolation scheme. We then present Garmr, a PKU-based sandboxing framework that can overcome limitations of existing sandboxes. We apply Garmr to several memory isolation schemes and show that it is practical, efficient and secure.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Domains ; State (computer science) ; Virtual memory systems</subject><ispartof>arXiv.org, 2021-10</ispartof><rights>2021. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>780,784</link.rule.ids></links><search><creatorcontrib>Voulimeneas, Alexios</creatorcontrib><creatorcontrib>Vinck, Jonas</creatorcontrib><creatorcontrib>Mechelinck, Ruben</creatorcontrib><creatorcontrib>Volckaert, Stijn</creatorcontrib><title>Garmr: Defending the gates of PKU-based sandboxing</title><title>arXiv.org</title><description>Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows programs to assign virtual memory pages to protection domains, and to change domain access permissions using inexpensive, unprivileged instructions. Several in-process memory isolation approaches leverage this feature to prevent untrusted code from accessing sensitive program state and data. Typically, PKU-based isolation schemes need to be used in conjunction with mitigations such as CFI because untrusted code, when compromised, can otherwise bypass the PKU access permissions using unprivileged instructions or operating system APIs. Recently, researchers proposed fully self-contained PKUbased memory isolation schemes that do not rely on other mitigations. These systems use exploit-proof call gates to transfer control between trusted and untrusted code, as well as a sandbox that prevents tampering with the PKU infrastructure from untrusted code. In this paper, we show that these solutions are not complete. We first develop two proof-of-concept attacks against a state-of-the-art PKU-based memory isolation scheme. We then present Garmr, a PKU-based sandboxing framework that can overcome limitations of existing sandboxes. We apply Garmr to several memory isolation schemes and show that it is practical, efficient and secure.</description><subject>Domains</subject><subject>State (computer science)</subject><subject>Virtual memory systems</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><recordid>eNpjYuA0MjY21LUwMTLiYOAtLs4yMDAwMjM3MjU15mQwck8syi2yUnBJTUvNS8nMS1coyUhVSE8sSS1WyE9TCPAO1U1KLE5NUShOzEtJyq8AquBhYE1LzClO5YXS3AzKbq4hzh66BUX5haWpxSXxWfmlRXlAqXgjUwtDQ0MDQ1NjY-JUAQBsTjLX</recordid><startdate>20211010</startdate><enddate>20211010</enddate><creator>Voulimeneas, Alexios</creator><creator>Vinck, Jonas</creator><creator>Mechelinck, Ruben</creator><creator>Volckaert, Stijn</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20211010</creationdate><title>Garmr: Defending the gates of PKU-based sandboxing</title><author>Voulimeneas, Alexios ; Vinck, Jonas ; Mechelinck, Ruben ; Volckaert, Stijn</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_25811101533</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Domains</topic><topic>State (computer science)</topic><topic>Virtual memory systems</topic><toplevel>online_resources</toplevel><creatorcontrib>Voulimeneas, Alexios</creatorcontrib><creatorcontrib>Vinck, Jonas</creatorcontrib><creatorcontrib>Mechelinck, Ruben</creatorcontrib><creatorcontrib>Volckaert, Stijn</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Voulimeneas, Alexios</au><au>Vinck, Jonas</au><au>Mechelinck, Ruben</au><au>Volckaert, Stijn</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Garmr: Defending the gates of PKU-based sandboxing</atitle><jtitle>arXiv.org</jtitle><date>2021-10-10</date><risdate>2021</risdate><eissn>2331-8422</eissn><abstract>Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows programs to assign virtual memory pages to protection domains, and to change domain access permissions using inexpensive, unprivileged instructions. Several in-process memory isolation approaches leverage this feature to prevent untrusted code from accessing sensitive program state and data. Typically, PKU-based isolation schemes need to be used in conjunction with mitigations such as CFI because untrusted code, when compromised, can otherwise bypass the PKU access permissions using unprivileged instructions or operating system APIs. Recently, researchers proposed fully self-contained PKUbased memory isolation schemes that do not rely on other mitigations. These systems use exploit-proof call gates to transfer control between trusted and untrusted code, as well as a sandbox that prevents tampering with the PKU infrastructure from untrusted code. In this paper, we show that these solutions are not complete. We first develop two proof-of-concept attacks against a state-of-the-art PKU-based memory isolation scheme. We then present Garmr, a PKU-based sandboxing framework that can overcome limitations of existing sandboxes. We apply Garmr to several memory isolation schemes and show that it is practical, efficient and secure.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2021-10
issn 2331-8422
language eng
recordid cdi_proquest_journals_2581110153
source Freely Accessible Journals at publisher websites
subjects Domains
State (computer science)
Virtual memory systems
title Garmr: Defending the gates of PKU-based sandboxing
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T08%3A25%3A03IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Garmr:%20Defending%20the%20gates%20of%20PKU-based%20sandboxing&rft.jtitle=arXiv.org&rft.au=Voulimeneas,%20Alexios&rft.date=2021-10-10&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2581110153%3C/proquest%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2581110153&rft_id=info:pmid/&rfr_iscdi=true