Show simple item record

AuthorElwell, Jesse
AuthorRiley, Ryan
AuthorAbu-Ghazaleh, Nael
AuthorPonomarev, Dmitry
Available date2016-05-16T10:55:23Z
Publication Date2014
Publication NameProceedings - International Symposium on High-Performance Computer Architecture
CitationJ. Elwell, R. Riley, N. Abu-Ghazaleh and D. Ponomarev, "A Non-Inclusive Memory Permissions architecture for protection against cross-layer attacks," 2014 IEEE 20th International Symposium on High Performance Computer Architecture (HPCA), Orlando, FL, 2014, pp. 201-212.
ISSN1530-0897
URIhttp://dx.doi.org/10.1109/HPCA.2014.6835931
URIhttp://hdl.handle.net/10576/4529
AbstractProtecting modern computer systems and complex software stacks against the growing range of possible attacks is becoming increasingly difficult. The architecture of modern commodity systems allows attackers to subvert privileged system software often using a single exploit. Once the system is compromised, inclusive permissions used by current architectures and operating systems easily allow a compromised high-privileged software layer to perform arbitrary malicious activities, even on behalf of other software layers. This paper presents a hardware-supported page permission scheme for the physical pages that is based on the concept of non-inclusive sets of memory permissions for different layers of system software such as hypervisors, operating systems, and user-level applications. Instead of viewing privilege levels as an ordered hierarchy with each successive level being more privileged, we view them as distinct levels each with its own set of permissions. Such a permission mechanism, implemented as part of a processor architecture, provides a common framework for defending against a range of recent attacks. We demonstrate that such a protection can be achieved with negligible performance overhead, low hardware complexity and minimal changes to the commodity OS and hypervisor code.
SponsorNPRP grant 4-1593-1-260 from the Qatar National Research Fund.
Languageen
PublisherIEEE
SubjectComputer software
SubjectComputer systems
SubjectHardware
SubjectSupercomputers
SubjectCommodity systems
SubjectComplex software
SubjectDifferent layers
SubjectHardware complexity
SubjectMalicious activities
SubjectModern computer systems
SubjectProcessor architectures
SubjectSystem softwares
TitleA non-inclusive memory permissions architecture for protection against cross-layer attacks
TypeConference Paper
Pagination201-212


Files in this item

FilesSizeFormatView

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record