Memory Isolation
Reading notes for the talk "Intra-process Memory Isolation with Hardware Support", given by Zhe Wang.
Information Hiding
Information hiding, as relied on by Code Pointer Integrity, Control Flow Integrity and Code Randomization:
- An important (safe) area is hidden at a random location
- No pointers in memory refer to it
- It is kept as small as possible
- Normal accesses go through an offset from a dedicated register
However, information hiding is no longer secure given the newer attack strategies:
- Avoid crashing (probe without triggering a fatal fault)
- Reduce entropy
- Leak page-table structure (side channel)
General Attack Vectors
- Gathering memory layout information
- Creating opportunities to probe safe areas
- Reducing randomization entropy
- Monitoring page-table access patterns
Intra-process Memory Isolation
Intel MPK: hardware acceleration for read/write permission changes (a PKRU register write instead of a page-table update), yet the overall cost is still too high.
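The permission flip that MPK provides, as an added example that is not from the talk or its papers: one page is tagged with a fresh protection key, a constructed secret is stored while the key is open, a single PKRU write revokes access, and a plain load then faults. It assumes Linux with glibc 2.27+ on an x86 CPU with MPK; where pkey_alloc fails the function reports MPK_UNSUPPORTED instead of crashing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Outcomes: isolated as expected, MPK absent on this host, revoked access did not fault, setup failure. */
enum { MPK_ISOLATED = 0, MPK_UNSUPPORTED = 1, MPK_NOT_ENFORCED = 2, MPK_ERROR = -1 };

static sigjmp_buf fault_env;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Tags one page with a fresh protection key, stores a constructed secret while the key
   permits access, flips PKRU to deny the key, and checks that an ordinary load faults. */
int mpk_isolation_demo(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    int pkey = pkey_alloc(0, 0);                    /* key starts open for this thread */
    if (pkey < 0)
        return (errno == ENOSPC || errno == EINVAL || errno == ENOSYS) ? MPK_UNSUPPORTED : MPK_ERROR;
    char *region = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED || pkey_mprotect(region, page, PROT_READ | PROT_WRITE, pkey) != 0) {
        if (region != MAP_FAILED) munmap(region, page);
        pkey_free(pkey);
        return MPK_ERROR;
    }
    strcpy(region, "constructed-secret");           /* legitimate write while the key is open */
    pkey_set(pkey, PKEY_DISABLE_ACCESS);            /* one PKRU write hides the page from this thread */
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigaction(SIGSEGV, &sa, &old);
    int result = MPK_NOT_ENFORCED;
    if (sigsetjmp(fault_env, 1) == 0) {
        volatile char *p = region;
        char c = *p;                                /* expected to raise SIGSEGV (SEGV_PKUERR) */
        (void)c;
    } else {
        result = MPK_ISOLATED;                      /* the fault proves the load was blocked */
    }
    sigaction(SIGSEGV, &old, NULL);
    pkey_set(pkey, 0);                              /* reopen the key before tearing down */
    munmap(region, page);
    pkey_free(pkey);
    return result;
}

int main(void) { printf("mpk_isolation_demo() -> %d\n", mpk_isolation_demo()); return 0; }
```

The protection is per thread and lives entirely in PKRU, so any code that can execute the PKRU write reopens the region; that is the "safe instruction" concern raised under Future Ideas below.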
Memory Isolation Works
(SP'20) SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation
(TDSC) Dancing with Wolves: An Intra-process Isolation Technique with Privileged Hardware
(CCS'22) CETIS: Retrofitting Intel CET for Generic and Efficient Intra-process Memory Isolation
Future Ideas
- How to ensure that the safe instructions that may access the isolated memory region cannot be abused (binary rewriting / compiler backend).
- How to ensure that secrets stored in the isolated memory region cannot be leaked via transient-execution attacks (micro-architecture).