Browsing by Author "Yang, Fangfei"
Towards Fine-Grained Isolation Mechanisms for Intraprocess Isolation (2024-12-05)
Yang, Fangfei; Cox, Alan L.; Dautenhahn, Nathan

Memory safety has long been a significant challenge in computer software security. In this thesis, we propose a set of methods to mitigate memory safety issues. Our approach allows for isolation of different functions and modules within an application at the granularity of individual functions, thereby preventing the spread of memory safety issues between these modules. With our thread-safe security monitor, developers can specify untrusted code and data requiring extra protection, thereby restricting access to sensitive information in two key ways. The first, called a sandbox, isolates error-prone components, such as those used for computation, protocol state machines, and parsers. The second, called a safebox, protects sensitive data or security-critical elements, including privilege flags, access tokens, and ACLs. This model enhances data protection and supports the incremental isolation of critical parts at minimal cost. We introduce an innovative combination of memory safety with contextual resources, allowing the allocation of isolation contexts for temporarily created resources. For instance, this enables the isolation of communication contents between connections from different users, with sharing permitted only through securely isolated modules. A typical example is a chat server where each client has its own context for handling user connections and encryption keys, preventing attackers from accessing other users' information. The received data is shared among receiving users through shared memory within a safe module whose TCB is sufficiently small (containing only the minimal code required for memory copying). Finally, developers can set additional system resource policies for these contexts, thus limiting their access to file systems, networks, and other resources.

By utilizing alias mapping, we map the same physical memory to multiple virtual memory addresses, allowing different modules to share data structures without frequent copying. We embed this alias into the higher bits of the virtual address, which enables efficient address translation across domains with minimal overhead and facilitates the seamless use of shared memory across function calls. We simplify the process by allowing developers to express intentions rather than operations through code annotations, improving maintainability. This information can coexist with regular software code and be dynamically enabled or disabled through our tools, optimizing the use of limited hardware resources while balancing security and performance. Our system demonstrated 95% compatibility in LTP testing, indicating its capability to support most applications developed for the Linux platform, including those that utilize signals and multithreading, without requiring additional porting. We conducted several micro-benchmarks for the implementation mechanisms our system relies on, better illustrating the system's overhead sources and providing clearer guidance for users. We implemented module isolation in real applications like NGINX and Redis and created separate isolation contexts for user connections. These evaluations demonstrate that our system can be easily and progressively applied in practical software. Our overhead for individual module isolation ranged from 3% to 10%. When isolation was performed on both dimensions simultaneously, our overhead reached 10% to 40%.