Write a Blog >>

The principle of least privilege suggests that we can enhance the reliability and security of programs by dividing them into compartments that communicate via restricted interfaces. In an unsafe language such as C, this can also isolate the impact of memory errors by restricting memory accesses across compartment boundaries. We are developing designs for C compartmentalization policies that can be efficiently implemented using tag-based hardware reference monitors. Our policies support dif- ferent cross-compartment interfaces, ranging from a “share- nothing” model where compartments interact only by func- tion call and return passing scalars, to a “share-anything” model in which compartments can exchange capabilities to access individual memory objects. Between these, novel hy- brid models distinguish local and shareable objects. The tag policies vary in how much memory protection they provide, from compartment-based fault isolation to full spatial and temporal memory safety for each object, and each supports further restriction via mandatory access control.

TagCCompartments.pdf (presentation.pdf)1.9MiB

Sat 25 Jan

prisc-2020-papers
15:35 - 17:45: Principles of Secure Compilation 2020 - Compartmentalization, memory safety, and isolation at Rosalie
Chair(s): Marco PatrignaniStanford University & CISPA , Jonathan ProtzenkoMicrosoft Research, Redmond
prisc-2020-papers15:35 - 15:59
Talk
Sean AndersonPortland State University, Andrew TolmachPortland State University, Chris ChhakPortland State University
Media Attached File Attached
prisc-2020-papers15:59 - 16:23
Talk
Aina Linn GeorgesAarhus University, Alix TrieuAarhus University, Lars BirkedalAarhus University
Media Attached
prisc-2020-papers16:23 - 16:47
Talk
Matteo BusiUniversità di Pisa - Dipartimento di Informatica, Job Noormanimec-DistriNet, Dept. of Computer Science, KU Leuven, Belgium, Jo Van Bulckimec-DistriNet, Dept. of Computer Science, KU Leuven, Belgium, Letterio GallettaIMT School for Advanced Studies, Pierpaolo DeganoUniversità di Pisa - Dipartimento di Informatica, Jan Tobias Mühlbergimec-DistriNet, Dept. of Computer Science, KU Leuven, Belgium, Frank PiessensKU Leuven
Media Attached File Attached
prisc-2020-papers16:47 - 16:57
Break
prisc-2020-papers16:57 - 17:21
Talk
Jay BosamiyaCarnegie Mellon University, Benjamin LimCarnegie Mellon University, Bryan ParnoCarnegie Mellon University
Media Attached File Attached
prisc-2020-papers17:21 - 17:45
Talk
Marco VassenaCISPA Helmholtz Center for Information Security, Marco PatrignaniStanford University & CISPA
Link to publication Media Attached File Attached