南方科技大学知识苑(SUSTech KC): PANIC: PAN-assisted Intra-process Memory Isolation on ARM

题名	PANIC: PAN-assisted Intra-process Memory Isolation on ARM
作者	Jiali Xu 1; Mengyao Xie 1; Chenggang Wu 1; Yinqian Zhang2 ; Qijing Li 3; Xuan Huang 4; Yuanming Lai 1; Yan Kang 1; Yan Kang 1; Qiang Wei 5; Zhe Wang 1
通讯作者	Zhe Wang
DOI	10.1145/3576915.3623206
发表日期	2023
会议名称	30th ACM SIGSAC Conference on Computer and Communications Security (ACM CCS)
会议录名称	PROCEEDINGS OF THE 2023 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, CCS 2023
会议日期	NOV 26-30, 2023
会议地点	null,Copenhagen,DENMARK
出版地	1601 Broadway, 10th Floor, NEW YORK, NY, UNITED STATES
出版者	ASSOC COMPUTING MACHINERY
摘要	Intra-process memory isolation is a well-known technique to enforce least privilege within a process. In this paper, we propose a generic and efficient intra-process memory isolation technique named PANIC, by leveraging Privileged Access Never (PAN) and load/store unprivileged (LSU) instructions on AArch64. PANIC executes process code in kernel mode and compartments code into trusted and untrusted components. The untrusted code is restricted from accessing the isolated memory region, which is located on user pages, and the trusted code is allowed to access the isolated memory region by using LSU instructions. To mitigate threats induced by running user code in kernel mode, PANIC provides two novel security mechanisms: shim-based memory isolation and sensitive instruction emulation. PANIC provides a generic and efficient isolation primitive that can be applied in three different isolation scenarios: protecting sensitive data in CFI, creating isolated execution environments, and hardening JIT code cache. We have implemented a prototype of PANIC and experimental evaluation shows that PANIC incurs very low performance overhead, and performs better than existing methods.
关键词	Intra-process Memory Isolation ARM LSU UAO PAN Isolated Execution Environment
学校署名	其他
语种	英语
相关链接	[来源记录]
收录类别	CPCI-S
资助项目	National Natural Science Foundation of China (NSFC)["61902374","62272442","U1736208"] ; Innovation Funding of ICT, CAS[E161040]
WOS研究方向	Computer Science ; Telecommunications
WOS类目	Computer Science, Artificial Intelligence ; Computer Science, Interdisciplinary Applications ; Telecommunications
WOS记录号	WOS:001124987200063
来源库	Web of Science
引用统计
成果类型	会议论文
条目标识符	http://sustech.caswiz.com/handle/2SGJ60CL/702059
专题	工学院_斯发基斯可信自主研究院工学院工学院_计算机科学与工程系
作者单位	1.SKLP, Institute of Computing Technology, CAS University of Chinese Academy of Sciences 2.Department of Computer Science and Engineering, SUSTech Research Institute of Trustworthy Autonomous Systems, SUSTech 3.University of Chinese Academy of Sciences 4.Peking University 5.National Digital Switching System Engineering and Technological Research Center
推荐引用方式 GB/T 7714	Jiali Xu,Mengyao Xie,Chenggang Wu,et al. PANIC: PAN-assisted Intra-process Memory Isolation on ARM[C]. 1601 Broadway, 10th Floor, NEW YORK, NY, UNITED STATES:ASSOC COMPUTING MACHINERY,2023.