Sciweavers

OSDI
2008
ACM

Hardware Enforcement of Application Security Policies Using Tagged Memory

14 years 11 months ago
Hardware Enforcement of Application Security Policies Using Tagged Memory
Computers are notoriously insecure, in part because application security policies do not map well onto traditional protection mechanisms such as Unix user accounts or hardware page tables. Recent work has shown that application policies can be expressed in terms of information flow restrictions and enforced in an OS kernel, providing a strong assurance of security. This paper shows that enforcement of these policies can be pushed largely into the processor itself, by using tagged memory support, which can provide stronger security guarantees by enforcing application security even if the OS kernel is compromised. We present the Loki tagged memory architecture, along with a novel operating system structure that takes advantage of tagged memory to enforce application security policies in hardware. We built a full-system prototype of Loki by modifying a synthesizable SPARC core, mapping it to an FPGA board, and porting HiStar, a Unix-like operating system, to run on it. One result is that...
Nickolai Zeldovich, Hari Kannan, Michael Dalton, C
Added 03 Dec 2009
Updated 03 Dec 2009
Type Conference
Year 2008
Where OSDI
Authors Nickolai Zeldovich, Hari Kannan, Michael Dalton, Christos Kozyrakis
Comments (0)