Memory Isolation

Reading notes for talk: Intra-process Memory Isolation with Hardware support provided by Zhe Wang.

Information Hiding

Information Hiding Techniques (Code Pointer Integrity, Control Flow Integrity, Code Randomization)

  • Hiding an important area at a random location
  • Has no pointers in memory referring to it
  • Is as small as possible
  • Normal accesses are done through an offset from a dedicated register

However, information hiding techniques are no longer secure, given these new attack strategies:

  • Avoid crash
  • Reduce entropy
  • Leak page table structure (side channel)

General Attack Vectors

  1. Gathering memory layout information
  2. Creating opportunities to probe safe areas
  3. Reducing randomization entropy
  4. Monitoring page-table access patterns

Intra-process Memory Isolation

Intel MPK: hardware acceleration for read/write permission changes, yet still too costly.
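As an added example (not from the talk or the papers below), the MPK permission-change primitive the note refers to, on Linux through glibc's pkey_* wrappers: a secret page is tagged with a protection key, locked with a single register write (no syscall, no TLB flush), a read while locked faults, and the same page is readable again once unlocked. The function returns 1 on a CPU or kernel without protection keys (or where the pkey syscalls are blocked), so the check degrades gracefully.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static volatile sig_atomic_t faulted;

/* The probe below is expected to fault: record it and unwind. */
static void on_segv(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)si; (void)ctx;
    faulted = 1;
    siglongjmp(fault_env, 1);
}

/* Returns 0 when the region is unreadable while its key is locked and
 * readable again once unlocked, 1 when protection keys are unavailable
 * (nothing to show), -1 on any other failure. */
int isolated_region_demo(void) {
    long pagesz = sysconf(_SC_PAGESIZE);
    int pkey = pkey_alloc(0, 0);          /* allocate a protection key */
    if (pkey < 0) return 1;               /* no MPK here, or syscall blocked */

    unsigned char *region = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) { pkey_free(pkey); return -1; }
    /* Tag the page with the key; the page-table permissions stay RW. */
    if (pkey_mprotect(region, pagesz, PROT_READ | PROT_WRITE, pkey) != 0) {
        munmap(region, pagesz); pkey_free(pkey); return -1;
    }

    region[0] = 0x42;                     /* key starts unlocked: store the secret */
    pkey_set(pkey, PKEY_DISABLE_ACCESS);  /* lock: one WRPKRU in user mode */

    /* This lock/unlock pair is the "safe instruction" that must not be
     * reachable by an attacker (future idea 1 below). */
    struct sigaction sa = {0}, old;
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, &old);
    faulted = 0;
    volatile unsigned char probe = 0;
    if (sigsetjmp(fault_env, 1) == 0)
        probe = region[0];                /* an access while locked must fault */
    sigaction(SIGSEGV, &old, NULL);
    (void)probe;

    pkey_set(pkey, 0);                    /* unlock for a legitimate access */
    int ok = faulted && region[0] == 0x42;
    munmap(region, pagesz); pkey_free(pkey);
    return ok ? 0 : -1;
}
```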

Memory Isolation Works

(SP'20) SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation

(TDSC) Dancing with Wolves: An Intra-process Isolation Technique with Privileged Hardware

(CCS'22) CETIS: Retrofitting Intel CET for Generic and Efficient Intra-process Memory Isolation

Future Ideas

  1. How to ensure that the safe instructions that can access the isolated memory region cannot be abused. (binary rewriting / compiler backend)
  2. How to ensure that secrets stored in the isolated memory region cannot be leaked via transient execution attacks. (micro-architecture)