Browsing by Author "Dautenhahn, Nathan"
Safe and Secure Subprocess Virtualization in Userspace (2021-08-13). Im, Bumjin; Dautenhahn, Nathan.

Commodity operating systems isolate applications at the process boundary, and developers build their applications on that principle. However, applications cannot simply trust process-based isolation. Virtually all applications link at least one dynamic library at runtime, and those libraries share all resources within the same process boundary. Unfortunately, application developers do not fully understand the libraries they are using, and doing so could even be infeasible for some complex applications. If a single malicious or buggy library is linked into the application, it can breach the entire application because of the process-boundary principle. Since process-based isolation could continue for some time, it could be harder to achieve least privilege. We propose a new process model, Endokernel, to resolve this issue. Endokernel contains a monitor inside the standard process in the commodity operating system and provides safe isolation between subprocesses, their maintenance, and secure interactions between subprocesses. Endokernel also proposes an endoprocess virtualization technique. Utilizing endoprocess virtualization could realize a more fine-grained least privilege principle in the commodity computing environment. We develop Intravirt as the prototype of Endokernel. Intravirt realizes the Endokernel model on Intel CPUs and Linux by actively utilizing Intel Memory Protection Keys (MPK) and Control-flow Enforcement Technology (CET) as the core security mechanisms. Since MPK and CET are hardware mechanisms, Intravirt aims at secure and high-performance endoprocess virtualization. We then evaluate the security and the performance of Intravirt by measuring microbenchmarks and actual applications with several use cases for the secure computing environment. Throughout the research, we verify that Endokernel is a feasible, lightweight, applicable, and effective security model.

Towards Fine-Grained Isolation Mechanisms for Intraprocess Isolation (2024-12-05). Yang, Fangfei; Cox, Alan L.; Dautenhahn, Nathan.

Memory safety has long been a significant challenge in computer software security. In this thesis, we propose a set of methods to mitigate memory safety issues. Our approach allows for isolation of different functions and modules within an application at the granularity of individual functions, thereby preventing the spread of memory safety issues between these modules. With our thread-safe security monitor, developers can specify untrusted code and data requiring extra protection, thereby restricting access to sensitive information in two key ways. The first, called a sandbox, isolates error-prone components, such as those used for computation, protocol state machines, and parsers. The second, called a safebox, protects sensitive data or security-critical elements, including privilege flags, access tokens, and ACLs. This model enhances data protection and supports the incremental isolation of critical parts at minimal cost.

We introduce an innovative combination of memory safety with contextual resources, allowing the allocation of isolation contexts for temporarily created resources. For instance, this enables the isolation of communication contents between connections from different users, with sharing permitted only through securely isolated modules. A typical example is a chat server where each client has its own context for handling user connections and encryption keys, preventing attackers from accessing other users' information. The received data is shared among receiving users through a shared memory within a safe module which includes sufficiently small TCB code (containing only the minimal code required for memory copying). Finally, developers can set additional system resource policies for these contexts, thus limiting their access to file systems, networks, and other resources.

By utilizing alias mapping, we map the same physical memory to multiple virtual memory addresses, allowing different modules to share data structures without frequent copying. We embed this alias into the higher bits of the virtual address, which enables efficient address translation across domains with minimal overhead and facilitates the seamless use of shared memory across function calls. We simplify the process by allowing developers to express intentions rather than operations through code annotations, improving maintainability. This information can coexist with regular software code and be dynamically enabled or disabled through our tools, optimizing the use of limited hardware resources while balancing security and performance.

Our system demonstrated 95% compatibility in LTP testing, indicating its capability to support most applications developed for the Linux platform, including those that utilize signals and multithreading, without requiring additional porting. We conducted several micro-benchmarks for the implementation mechanisms our system relies on, better illustrating the system's overhead sources and providing clearer guidance for users. We implemented module isolation in real applications like NGINX and Redis and created separate isolation contexts for user connections. These evaluations demonstrate that our system can be easily and progressively applied in practical software. Our overhead for individual module isolation ranged from 3% to 10%. When isolation was performed on both dimensions simultaneously, our overhead reached 10% to 40%.