dc.citation.conferencePlace |
US |
- |
dc.citation.conferencePlace |
Seattle |
- |
dc.citation.title |
USENIX Annual Technical Conference |
- |
dc.contributor.author |
Park, Soyeon |
- |
dc.contributor.author |
Lee, Sangho |
- |
dc.contributor.author |
Xu, Wen |
- |
dc.contributor.author |
Moon, Hyungon |
- |
dc.contributor.author |
Kim, Taesoo |
- |
dc.date.accessioned |
2024-02-01T00:06:49Z |
- |
dc.date.available |
2024-02-01T00:06:49Z |
- |
dc.date.created |
2019-12-17 |
- |
dc.date.issued |
2019-07-10 |
- |
dc.description.abstract |
Intel Memory Protection Keys (MPK) is a new hardware primitive to support thread-local permission control on groups of pages without requiring modification of page tables. Unfortunately, its current hardware implementation and software support suffer from security, scalability, and semantic problems: (1) vulnerable to protection-key-use-after-free; (2) providing the limited number of protection keys; and (3) incompatible with mprotect()’s process-based permission model.
In this paper, we propose libmpk, a software abstraction for MPK. It virtualizes the hardware protection keys to eliminate the protection-key-use-after-free problem while providing accesses to an unlimited number of virtualized keys. To support legacy applications, it also provides a lazy inter-thread key synchronization. To enhance the security of MPK itself, libmpk restricts unauthorized writes to its metadata. We apply libmpk to three real-world applications: OpenSSL, JavaScript JIT compiler, and Memcached for memory protection and isolation. Our evaluation shows that it introduces negligible performance overhead (<1%) compared with the original, unprotected versions and improves performance by 8.1× compared with the secure equivalents using mprotect(). The source code of libmpk is publicly available and maintained as an open source project. |
- |
dc.identifier.bibliographicCitation |
USENIX Annual Technical Conference |
- |
dc.identifier.scopusid |
2-s2.0-85076760217 |
- |
dc.identifier.uri |
https://scholarworks.unist.ac.kr/handle/201301/79501 |
- |
dc.identifier.url |
https://www.usenix.org/conference/atc19/presentation/park-soyeon |
- |
dc.publisher |
USENIX |
- |
dc.title |
libmpk: Software Abstraction for Intel Memory Protection Keys (Intel MPK) |
- |
dc.type |
Conference Paper |
- |
dc.date.conferenceDate |
2019-07-09 |
- |