Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures (Extended Version)
- URL: http://arxiv.org/abs/2309.11151v1
- Date: Wed, 20 Sep 2023 08:57:02 GMT
- Title: Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures (Extended Version)
- Authors: Kha Dinh Duy, Kyuwon Cho, Taehyun Noh, Hojoon Lee
- Abstract summary: Capacity is a novel hardware-assisted intra-process access control design that embraces capability-based security principles.
With intra-process domains authenticated with unique PA keys, Capacity transforms file descriptors and memory pointers into cryptographically-authenticated references.
We evaluate our Capacity-enabled NGINX web server prototype and other common applications in which sensitive resources are isolated into different domains.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In-process compartmentalization and access control have been actively explored to provide in-place and efficient isolation of in-process security domains. Many works have proposed compartmentalization schemes that leverage hardware features, most notably using the new page-based memory isolation feature called Protection Keys for Userspace (PKU) on x86. Unfortunately, the modern ARM architecture does not have an equivalent feature. Instead, newer ARM architectures introduced Pointer Authentication (PA) and Memory Tagging Extension (MTE), adapting the reference validation model for memory safety and runtime exploit mitigation. We argue that those features have been underexplored in the context of compartmentalization and that they can be retrofitted to implement a capability-based in-process access control scheme. This paper presents Capacity, a novel hardware-assisted intra-process access control design that embraces capability-based security principles. Capacity coherently incorporates the new hardware security features on ARM that already exhibit inherent characteristics of capability. It supports the life-cycle protection of the domain's sensitive objects -- starting from their import from the file system to their place in memory. With intra-process domains authenticated with unique PA keys, Capacity transforms file descriptors and memory pointers into cryptographically-authenticated references and completely mediates reference usage with its program instrumentation framework and an efficient system call monitor. We evaluate our Capacity-enabled NGINX web server prototype and other common applications in which sensitive resources are isolated into different domains. Our evaluation shows that Capacity incurs a low performance overhead of approximately 17% for the single-threaded and 13.54% for the multi-threaded webserver.
Related papers
- Building a Robust Risk-Based Access Control System to Combat Ransomware's Capability to Encrypt: A Machine Learning Approach (2026-01-23T14:48:35Z)
  Ransomware core capability, unauthorized encryption, demands controls that identify and block malicious cryptographic activity without disrupting legitimate use. We present a probabilistic, risk-based access control architecture that couples machine learning inference with mandatory access control to regulate encryption on Linux in real time.
- CAPIO: Safe Kernel-Bypass of Commodity Devices using Capabilities (2025-12-18T01:54:00Z)
  CAPIO is the first architecture to leverage hardware capabilities to enforce fine-grained access control on memory-mapped I/O. We show that CAPIO achieves the latency improvements of kernel bypass while enforcing byte-level access control of privileged resources.
- Breaking Isolation: A New Perspective on Hypervisor Exploitation via Cross-Domain Attacks (2025-12-03T20:55:26Z)
  Cross-Domain Attacks are a class of exploitation techniques that enable capability escalation through guest memory reuse. We develop a system that identifies cross-domain gadgets, matches them with corrupted pointers, synthesizes triggering inputs, and assembles complete exploit chains.
- Optimized Memory Tagging on AmpereOne Processors (2025-11-21T20:39:31Z)
  The Memory Tagging Extension (MTE) to the ARM AArch64 Instruction Set Architecture is a valuable tool to address memory-safety escapes. This paper analyzes the complete hardware-software stack, identifying application memory management as the primary remaining source of overhead.
- AlDBaran: Towards Blazingly Fast State Commitments for Blockchains (2025-08-14T09:52:15Z)
  AlDBaran is an authenticated data structure capable of handling state updates efficiently at a network throughput of 50 Gbps. AlDBaran provides support for historical state proofs, which facilitates a wide array of novel applications. On consumer-level portable hardware, it achieves approximately 8 million updates/s in an in-memory setting and 5 million updates/s with snapshots at sub-second intervals.
- RX-INT: A Kernel Engine for Real-Time Detection and Analysis of In-Memory Threats (2025-08-05T19:43:25Z)
  We present RX-INT, a kernel-assisted system featuring an architecture that provides resilience against TOCTOU attacks. RX-INT introduces a detection engine that combines a real-time thread creation monitor with a stateful Virtual Address Descriptor (VAD) scanner. In our evaluation, RX-INT successfully detected a manually mapped region that was not identified by PE-sieve.
- DRIFT: Dynamic Rule-Based Defense with Injection Isolation for Securing LLM Agents (2025-06-13T05:01:09Z)
  Large Language Models (LLMs) are increasingly central to agentic systems due to their strong reasoning and planning capabilities. This interaction also introduces the risk of prompt injection attacks, where malicious inputs from external sources can mislead the agent's behavior. We propose a Dynamic Rule-based Isolation Framework for Trustworthy agentic systems, which enforces both control and data-level constraints.
- NanoZone: Scalable, Efficient, and Secure Memory Protection for Arm CCA (2025-06-08T07:55:48Z)
  Arm Confidential Computing Architecture (CCA) currently isolates at the granularity of an entire Confidential Virtual Machine (CVM). We extend CCA with a three-tier zone model that spawns an unlimited number of lightweight isolation domains inside a single process. To block domain-switch abuse, we also add a fast user-level Code-Pointer Integrity (CPI) mechanism.
- vApps: Verifiable Applications at Internet Scale (2025-04-21T02:19:06Z)
  Verifiable Applications (vApps) is a novel development framework designed to streamline the creation and deployment of verifiable computing applications. vApps offer a unified Rust-based Domain-Specific Language (DSL) within a comprehensive SDK. This eases the developer's burden in securing diverse software components, allowing them to focus on application logic.
- CSR:Achieving 1 Bit Key-Value Cache via Sparse Representation (2024-12-16T13:01:53Z)
  We propose a novel approach called Cache Sparse Representation (CSR). CSR transforms the dense Key-Value cache tensor into sparse indexes and weights, offering a more memory-efficient representation during LLM inference. Our experiments demonstrate CSR achieves performance comparable to state-of-the-art KV cache quantization algorithms.
- BULKHEAD: Secure, Scalable, and Efficient Kernel Compartmentalization with PKS (2024-09-15T04:11:26Z)
  Kernel compartmentalization is a promising approach that follows the least-privilege principle. We present BULKHEAD, a secure, scalable, and efficient kernel compartmentalization technique. We implement a prototype system on Linux v6.1 to compartmentalize loadable kernel modules.
- Designing and Implementing a Generator Framework for a SIMD Abstraction Library (2024-07-26T13:25:38Z)
  We present TSLGen, a novel end-to-end framework for generating an SIMD abstraction library. We show that our framework is comparable to existing libraries, and we achieve the same performance results.
- ShadowBound: Efficient Heap Memory Protection Through Advanced Metadata Management and Customized Compiler Optimization (2024-06-04T07:02:53Z)
  Heap corruption poses severe threats to system security. We present ShadowBound, a unique heap memory protection design. We implement ShadowBound atop the LLVM framework and integrated three state-of-the-art use-after-free defenses.
- HasTEE+ : Confidential Cloud Computing and Analytics with Haskell (2024-01-17T00:56:23Z)
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs). TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (DSL) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
- Joint Modeling of Feature, Correspondence, and a Compressed Memory for Video Object Segmentation (2023-08-25T17:30:08Z)
  Current prevailing Video Object (VOS) methods usually perform dense matching between the current and reference frames after extracting features. We propose a unified VOS framework, coined as JointFormer, for joint modeling of the three elements of feature, correspondence, and a compressed memory.
- Citadel: Real-World Hardware-Software Contracts for Secure Enclaves Through Microarchitectural Isolation and Controlled Speculation (2023-06-26T17:51:23Z)
  Hardware isolation primitives such as secure enclaves aim to protect programs, but remain vulnerable to transient execution attacks. This paper advocates for processors to incorporate microarchitectural isolation primitives and mechanisms for controlled speculation. We introduce two mechanisms to securely share memory between an enclave and an untrusted OS in an out-of-order processor.
- Energy-efficient Task Adaptation for NLP Edge Inference Leveraging Heterogeneous Memory Architectures (2023-03-25T14:40:59Z)
  adapter-ALBERT is an efficient model optimization for maximal data reuse across different tasks. We demonstrate the advantage of mapping the model to a heterogeneous on-chip memory architecture by performing simulations on a validated NLP edge accelerator.
- A Many-ported and Shared Memory Architecture for High-Performance ADAS SoCs (2022-09-13T04:58:27Z)
  We present a shared memory architecture that enables high data throughput among native parallel accesses to ADAS applications. The results validate that the proposed architecture provides close to 100% throughput for both read and write accesses. It can also provide consistent to the domain specific payloads while enabling the scalability and modularity of the design.
- CryptSan: Leveraging ARM Pointer Authentication for Memory Safety in C/C++ (2022-02-17T14:04:01Z)
  CryptSan is a memory safety approach based on ARM Pointer Authentication. We present a full LLVM-based prototype implementation, running on an M1 MacBook Pro. This, together with its interoperability with uninstrumented libraries and cryptographic protection against attacks on metadata, makes CryptSan a viable solution for retrofitting memory safety to C/C++ programs.
- Safe RAN control: A Symbolic Reinforcement Learning Approach (2021-06-03T16:45:40Z)
  We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications. We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology. We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
- CARAFE++: Unified Content-Aware ReAssembly of FEatures (2020-12-07T07:34:57Z)
  We propose unified Content-Aware ReAssembly of FEatures (CARAFE++), a universal, lightweight and highly effective operator to fulfill this goal. CARAFE++ generates adaptive kernels on-the-fly to enable instance-specific content-aware handling. It shows consistent and substantial gains across all the tasks with negligible computational overhead.
This list is automatically generated from the titles and abstracts of the papers in this site.