Secure Memory Management on Modern Hardware

Authors

Reto Achermann, Nora Hossle, Lukas Humbel, Daniel Schwyn, David Cock and Timothy Roscoe

Venue

arXiv Preprint

Links

[ .doi ] [ .pdf ] [ .bib ]

Abstract

Almost all modern hardware, from phone SoCs to high-end servers with accelerators, contain memory translation and protection hardware like IOMMUs, firewalls, and lookup tables which make it impossible to reason about, and enforce protection and isolation based solely on the processor's MMUs. This has led to numerous bugs and security vulnerabilities in today's system software.

In this paper we regain the ability to reason about and enforce access control using the proven concept of a reference monitor mediating accesses to memory resources. We present a fine-grained, realistic memory protection model that makes this traditional concept applicable today, and bring system software in line with the complexity of modern, heterogeneous hardware.

Our design is applicable to any operating system, regardless of architecture. We show that it not only enforces the integrity properties of a system, but does so with no inherent performance overhead and it is even amenable to automation through code generation from trusted hardware specifications.

Bibtex

@article{Achermann:2020:SMM,
 author = {Reto Achermann and Nora Hossle and Lukas Humbel and Daniel Schwyn and David Cock and Timothy Roscoe},
 doi = {10.48550/arXiv.2009.02737},
 eprint = {2009.02737},
 eprintclass = {cs.OS},
 eprinttype = {preprint},
 id = {Achermann:2020:SMM},
 journal = {arXiv Preprint},
 publisher = {2009.02737},
 title = {Secure Memory Management on Modern Hardware},
 url = {https://doi.org/10.48550/arXiv.2009.02737},
 year = {2020}
}

Contact

The University of British Columbia
Department of Computer Science
2366 Main Mall
ICICS Building, Office 341
Vancouver, BC V6T 1Z4
Canada

achreto [at] cs.ubc.ca
+1 604 827 2446