Memory protection for system software isolation

系统软件隔离的内存保护

• 批准号: 2105211
• 金额: --
• 依托单位: Royal Holloway University of London
• 依托单位国家: 英国
• 项目类别: Studentship
• 财政年份: 2018
• 资助国家: 英国
• 起止时间: 2018 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=studentship-2105211
• 关键词: Memory; protection; system; software; isolation

Memory vulnerabilities have been a recurrent challenge in systems security. Exploits are targeting increasingly lower levels of abstraction in the system stack (e.g. the OS kernel and firmware), the root of trust on which the user space relies. The goal of this PhD is to investigate and evaluate different approaches to achieving memory safety at a lower level in order to ensure a secure and isolated stack and in turn a more trustworthy user space. One such approach is to leverage memory safe languages such as Rust, which takes advantage of its ownership model to assign an owner to all values in scope, and hence facilitate safe referencing and dereferencing of memory addresses. Another approach is to leverage new hardware Instruction Set Architecture (ISA) extensions. For instance CHERI, a hybrid capability ISA extension for RISC architectures. It enables fault isolation in hardware by combining conventional ISA and Memory Management Unit (MMU) design choices with a capability-system model. CHERI capabilities enable fine-grained memory protection based on the principles of least privilege and intentional use in the execution of software at different levels of the system stack, hence preventing and mitigating vulnerabilities. Finally, initial work so far has explored the use of x86 ISA extension, in the form of Intel's memory protection extensions (MPX), to protect system software inside trusted execution environments (TEEs). We will explore the thesis that such approaches, both individually and in combination, can prevent and mitigate vulnerabilities in security-critical system software

内存漏洞一直是系统安全中的一个经常性挑战。漏洞利用的目标是系统堆栈中越来越低的抽象级别（例如操作系统内核和固件），这是用户空间所依赖的信任根。这个博士学位的目标是调查和评估在较低级别实现内存安全的不同方法，以确保安全和隔离的堆栈，从而确保更值得信赖的用户空间。其中一种方法是利用内存安全语言，如Rust，它利用其所有权模型为范围内的所有值分配所有者，从而促进内存地址的安全引用和解引用。另一种方法是利用新的硬件指令集架构（伊萨）扩展。例如CHERI，一个RISC架构的混合能力伊萨扩展。它通过将传统伊萨和内存管理单元（MMU）设计选择与功能系统模型相结合，实现了硬件故障隔离。CHERI功能基于系统堆栈不同级别的软件执行中的最小特权和故意使用原则实现细粒度内存保护，从而防止和减轻漏洞。最后，到目前为止的初步工作已经探索了使用x86伊萨扩展，以英特尔的内存保护扩展（MPX）的形式，来保护可信执行环境（TEE）中的系统软件。我们将探讨这样的方法，无论是单独的还是组合的，都可以防止和减轻安全关键系统软件中的漏洞