Flexible Tag-based Policies for Compartmentalized C
The principle of least privilege suggests that we can enhance the reliability and security of programs by dividing them into compartments that communicate via restricted interfaces. In an unsafe language such as C, this can also isolate the impact of memory errors by restricting memory accesses across compartment boundaries. We are developing designs for C compartmentalization policies that can be efficiently implemented using tag-based hardware reference monitors. Our policies support dif- ferent cross-compartment interfaces, ranging from a “share- nothing” model where compartments interact only by func- tion call and return passing scalars, to a “share-anything” model in which compartments can exchange capabilities to access individual memory objects. Between these, novel hy- brid models distinguish local and shareable objects. The tag policies vary in how much memory protection they provide, from compartment-based fault isolation to full spatial and temporal memory safety for each object, and each supports further restriction via mandatory access control.
TagCCompartments.pdf (presentation.pdf) | 1.9MiB |
Sat 25 Jan Times are displayed in time zone: Saskatchewan, Central America change
15:35 - 17:45: Compartmentalization, memory safety, and isolationPriSC at Rosalie Chair(s): Marco PatrignaniStanford University & CISPA , Jonathan ProtzenkoMicrosoft Research, Redmond | |||
15:35 - 15:59 Talk | Flexible Tag-based Policies for Compartmentalized C PriSC Sean AndersonPortland State University, Andrew TolmachPortland State University, CHR ChhakPortland State University Media Attached File Attached | ||
15:59 - 16:23 Talk | Mechanized Reasoning about a Capability Machine PriSC Media Attached | ||
16:23 - 16:47 Talk | Securing Interruptible Enclaves PriSC Matteo BusiUniversità di Pisa - Dipartimento di Informatica, Job Noormanimec-DistriNet, Dept. of Computer Science, KU Leuven, Belgium, Jo Van Bulckimec-DistriNet, Dept. of Computer Science, KU Leuven, Belgium, Letterio GallettaIMT School for Advanced Studies, Pierpaolo DeganoUniversità di Pisa - Dipartimento di Informatica, Jan Tobias Mühlbergimec-DistriNet, Dept. of Computer Science, KU Leuven, Belgium, Frank PiessensKU Leuven Media Attached File Attached | ||
16:47 - 16:57 Break | Mini-break PriSC | ||
16:57 - 17:21 Talk | WebAssembly as an Intermediate Language for Provably-Safe Software Sandboxing PriSC Jay BosamiyaCarnegie Mellon University, Benjamin LimCarnegie Mellon University, Bryan ParnoCarnegie Mellon University Media Attached File Attached | ||
17:21 - 17:45 Talk | Memory Safety Preservation for WebAssembly PriSC Marco VassenaCISPA Helmholtz Center for Information Security, Marco PatrignaniStanford University & CISPA Link to publication Media Attached File Attached |