
Enabling Lightweight Privilege Separation in Applications with MicroGuards

  • Conference paper
Applied Cryptography and Network Security Workshops (ACNS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13907)

Abstract

Application compartmentalization and privilege separation are our primary weapons against ever-increasing security threats and privacy concerns on connected devices. Despite significant progress, it is still challenging to enforce privilege separation inside a single application address space and in multithreaded environments, particularly on resource-constrained and mobile devices. We propose MicroGuards, a lightweight kernel modification together with a set of security primitives and APIs for flexible, fine-grained in-process memory protection and privilege separation in multithreaded applications. MicroGuards take advantage of hardware support in modern CPUs and are high-level enough to be adaptable to various architectures. This paper focuses on enabling MicroGuards on embedded and mobile devices running the Linux kernel and uses tagged memory support to achieve good performance. Our evaluation shows that MicroGuards add a small runtime overhead (less than 3.5%) and a minimal memory footprint, and that they are practical to integrate with existing applications to enable fine-grained privilege separation.

This paper will appear at the ACNS-SecMT2023 (Security in Mobile Technologies).

Z. Tarkhani—This work was done when the author was affiliated with the University of Cambridge.
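The abstract says MicroGuards rest on hardware support for in-process memory protection and switch compartments cheaply enough to be used inside one multithreaded process. The following is an added example, not the paper's code, that shows the underlying mechanism on commodity hardware: it uses x86 protection keys (PKU, via the Linux pkey_alloc/pkey_mprotect/pkey_free syscalls and the per-thread PKRU register) as a stand-in for the tagged-memory support the paper targets. A page is bound to a fresh key, the calling thread revokes its own access, a read faults, and the data is found intact once access is re-granted. The function and variable names (guarded_region_demo, set_key_rights, the "session-key" sample data) are the example's own assumptions; it skips itself (returns 0) where the CPU or kernel has no key support.

```c
/* Added example, not code from the paper. Demonstrates the mechanism that
 * in-process privilege separation of the MicroGuards kind builds on, using
 * x86 protection keys (PKU) in place of the paper's tagged memory. */
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#define KEY_DISABLE_ACCESS 0x1u                 /* AD bit for one key in PKRU */

#if (defined(__x86_64__) || defined(__i386__)) && defined(SYS_pkey_alloc)
#define HAVE_PKEY_DEMO 1
/* PKRU is read/written from user mode, so a compartment switch costs no syscall. */
static unsigned int rdpkru(void)
{
    unsigned int eax, edx;
    __asm__ volatile(".byte 0x0f, 0x01, 0xee" : "=a"(eax), "=d"(edx) : "c"(0));
    return eax;
}
static void wrpkru(unsigned int v)
{
    __asm__ volatile(".byte 0x0f, 0x01, 0xef" : : "a"(v), "c"(0), "d"(0) : "memory");
}
/* Set the calling thread's rights for `key` (0 = full access, KEY_DISABLE_ACCESS). */
static void set_key_rights(int key, unsigned int rights)
{
    unsigned int mask = 3u << (2 * key);
    wrpkru((rdpkru() & ~mask) | (rights << (2 * key)));
}

static sigjmp_buf fault_env;                    /* recovery point for the deliberate fault */
static volatile sig_atomic_t fault_seen;

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)si; (void)ctx;
    fault_seen = 1;
    siglongjmp(fault_env, 1);                   /* abandon the faulting load */
}
#else
#define HAVE_PKEY_DEMO 0
#endif

/* Place a buffer in its own key-gated domain, revoke this thread's access, and
 * confirm a load faults while the data stays intact. Returns 1 on success,
 * 0 if this CPU/kernel has no protection keys (demo skipped), -1 otherwise. */
int guarded_region_demo(void)
{
#if HAVE_PKEY_DEMO
    static const char secret_value[] = "session-key";   /* constructed sample data */
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    volatile int result = -1;

    long key = syscall(SYS_pkey_alloc, 0UL, 0UL);
    if (key < 0)   /* ENOSPC/EINVAL: CPU lacks PKU; ENOSYS: kernel lacks the syscall */
        return (errno == ENOSPC || errno == EINVAL || errno == ENOSYS) ? 0 : -1;

    unsigned char *secret = mmap(NULL, page, PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (secret == MAP_FAILED) { syscall(SYS_pkey_free, key); return -1; }
    memcpy(secret, secret_value, sizeof secret_value);

    /* Bind the page to the key; from now on this thread's PKRU bits gate access. */
    if (syscall(SYS_pkey_mprotect, secret, page, PROT_READ | PROT_WRITE, key) != 0) {
        munmap(secret, page); syscall(SYS_pkey_free, key); return -1;
    }

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        set_key_rights((int)key, KEY_DISABLE_ACCESS);  /* leave the compartment */
        volatile unsigned char probe = secret[0];      /* must fault */
        (void)probe;
        result = -1;                                   /* no fault: nothing enforced */
    } else {
        /* Signal entry reset this thread's PKRU; re-enter the compartment explicitly. */
        set_key_rights((int)key, 0);
        result = (fault_seen && memcmp(secret, secret_value, sizeof secret_value) == 0) ? 1 : -1;
    }

    sigaction(SIGSEGV, &old, NULL);
    munmap(secret, page);
    syscall(SYS_pkey_free, key);
    return result;
#else
    return 0;                                   /* not an x86 Linux build: skipped */
#endif
}

int main(void)
{
    int r = guarded_region_demo();
    puts(r == 1 ? "load faulted with access revoked; data intact"
       : r == 0 ? "protection keys unavailable here; demo skipped"
       : "unexpected failure");
    return r < 0;
}
```

Key rights live in a per-thread register, which is what makes this fit the multithreaded setting the abstract targets: revoking a key in one thread leaves other threads' views unchanged, and re-entering a compartment is a register write rather than an mprotect call. The example deliberately omits the hardening a deployment needs: any code that can execute a PKRU write can re-grant itself access, so a real system pairs the key switch with control over where such instructions may appear (binary scanning or control-flow integrity), a caveat that applies equally to a tag-based design.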

Author information

Corresponding author: Anil Madhavapeddy

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Tarkhani, Z., Madhavapeddy, A. (2023). Enabling Lightweight Privilege Separation in Applications with MicroGuards. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2023. Lecture Notes in Computer Science, vol 13907. Springer, Cham. https://doi.org/10.1007/978-3-031-41181-6_31

  • DOI: https://doi.org/10.1007/978-3-031-41181-6_31

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-41180-9

  • Online ISBN: 978-3-031-41181-6
