Visible to the public A Non-Inclusive Memory Permissions architecture for protection against cross-layer attacks

TitleA Non-Inclusive Memory Permissions architecture for protection against cross-layer attacks
Publication TypeConference Paper
Year of Publication2014
AuthorsElwell, J., Riley, R., Abu-Ghazaleh, N., Ponomarev, D.
Conference NameHigh Performance Computer Architecture (HPCA), 2014 IEEE 20th International Symposium on
Date PublishedFeb
Keywordsarbitrary malicious activities, complex software stack protection, cross-layer attack protection, Hardware, hardware complexity, hardware-supported page permission scheme, high-privileged software layer, hypervisor code, Memory management, modern commodity systems, modern computer system protection, noninclusive memory permissions architecture, Operating systems, ordered hierarchy, performance overhead, Permission, permission mechanism, privilege level, privileged system software, processor architecture, security of data, storage management, supervisory programs, System software, user-level applications, Virtual machine monitors

Protecting modern computer systems and complex software stacks against the growing range of possible attacks is becoming increasingly difficult. The architecture of modern commodity systems allows attackers to subvert privileged system software often using a single exploit. Once the system is compromised, inclusive permissions used by current architectures and operating systems easily allow a compromised high-privileged software layer to perform arbitrary malicious activities, even on behalf of other software layers. This paper presents a hardware-supported page permission scheme for the physical pages that is based on the concept of non-inclusive sets of memory permissions for different layers of system software such as hypervisors, operating systems, and user-level applications. Instead of viewing privilege levels as an ordered hierarchy with each successive level being more privileged, we view them as distinct levels each with its own set of permissions. Such a permission mechanism, implemented as part of a processor architecture, provides a common framework for defending against a range of recent attacks. We demonstrate that such a protection can be achieved with negligible performance overhead, low hardware complexity and minimal changes to the commodity OS and hypervisor code.

Citation Key6835931