Projects per year
Abstract
C/C++ computing systems constitute a significant share of our critical software infrastructure and face substantial security risks from memory exploitation. A single memory safety error can potentially lead to the compromise of the entire software system. To efficiently secure C/C++ computing systems without extensive software adaption, the processor must be able to restrict memory access to individual memory locations, thereby enforcing the principle of least privilege. The integration of lightweight and transparent isolation mechanisms that offer flexible and scalable memory protection is crucial to minimize the attack surface of software attacks.
In this paper, we present cryptographic least privilege enforcement (CLPE), a novel mechanism for scalable memory isolation. Our lightweight ISA extension enforces cryptographic integrity checks for isolation granularities ranging from individual objects to arbitrarily sized protection domains. We achieve this through message authentication codes (MACs), linking pointers with specific access privileges that restrict access to memory resources. Our approach maintains compatibility with legacy software and only minimally increases the processor's microarchitectural complexity. We provide a formal model of our design, ensuring important properties of our ISA specification, and a hardware model, allowing functional and timing-accurate simulation. The simulated performance overhead of our hardware model shows an average overhead of 2.5-7.4 % for the SPEC CPU2017 benchmark suite.
In this paper, we present cryptographic least privilege enforcement (CLPE), a novel mechanism for scalable memory isolation. Our lightweight ISA extension enforces cryptographic integrity checks for isolation granularities ranging from individual objects to arbitrarily sized protection domains. We achieve this through message authentication codes (MACs), linking pointers with specific access privileges that restrict access to memory resources. Our approach maintains compatibility with legacy software and only minimally increases the processor's microarchitectural complexity. We provide a formal model of our design, ensuring important properties of our ISA specification, and a hardware model, allowing functional and timing-accurate simulation. The simulated performance overhead of our hardware model shows an average overhead of 2.5-7.4 % for the SPEC CPU2017 benchmark suite.
Original language | English |
---|---|
Title of host publication | IEEE International Symposium on Hardware Oriented Security and Trust (HOST) |
Publication status | Accepted/In press - 2025 |
Event | IEEE International Symposium on Hardware Oriented Security and Trust 2025: HOST 2025 - San Jose, United States Duration: 5 May 2025 → 8 May 2025 http://www.hostsymposium.org/ |
Conference
Conference | IEEE International Symposium on Hardware Oriented Security and Trust 2025: HOST 2025 |
---|---|
Abbreviated title | HOST 2025 |
Country/Territory | United States |
City | San Jose |
Period | 5/05/25 → 8/05/25 |
Internet address |
Keywords
- memory safety
- principle of least privilege
Fingerprint
Dive into the research topics of 'Cryptographic Least Privilege Enforcement for Scalable Memory Isolation'. Together they form a unique fingerprint.-
AWARE - Hardware-Ensured Software Security
Mangard, S. (Co-Investigator (CoI))
1/05/22 → 30/04/25
Project: Research project
-
SEIZE - Secure Edge Devices For Industrial Zero-Trust Environments
Mangard, S. (Co-Investigator (CoI))
1/01/22 → 31/12/24
Project: Research project