Fine-grained isolation to protect data against in-process attacks on AArch64

Research output: Contribution to journalArticlepeer-review

Abstract

In-process attacks are a new class of attacks that circumvent protection schemes centered around inter-process isolation. Against these attacks, researchers have proposed fine-grained data isolation schemes that can protect sensitive data from malicious accesses even during the same process. Their proposals based on salient hardware features, such as ARM® processor architecture’s domain protection, are quite successful, but it cannot be applied to a specific architecture, namely AArch64, as this does not provide the same hardware features. In this paper, therefore, we present Sealer, a fine-grained data isolation scheme applicable in AArch64. Sealer achieves its objective by brilliantly harmonizing two hardware features of AArch64: The eXecute-no-Read and the cryptographic extension. Sealer provides application developers with a set of application programming interface (API) so that the developers can enjoy the fine-grained data isolation in their own way.

Original languageEnglish
Article number236
JournalElectronics (Switzerland)
Volume9
Issue number2
DOIs
StatePublished - 2020 Feb
Externally publishedYes

Keywords

  • AArch64
  • EXecute-no-Read
  • Isolation

Fingerprint

Dive into the research topics of 'Fine-grained isolation to protect data against in-process attacks on AArch64'. Together they form a unique fingerprint.

Cite this