DOI: 10.1145/2660267.2660344 (research article, CCS conference proceedings)
ARMlock: Hardware-based Fault Isolation for ARM

Published: 03 November 2014 Publication History
  • Abstract

    Software fault isolation (SFI) is an effective mechanism to confine untrusted modules inside isolated domains to protect their host applications. Since its debut, researchers have proposed different SFI systems for many purposes, such as safe execution of untrusted native browser plugins. However, most of these systems focus on the x86 architecture. In recent years, ARM has become the dominant architecture for mobile devices and is gaining popularity in data centers. Hence there is a compelling need for an efficient SFI system for the ARM architecture. Unfortunately, existing systems either have prohibitively high performance overhead or place various limitations on the memory layout and instructions of untrusted modules.
    In this paper, we propose ARMlock, a hardware-based fault isolation system for ARM. It uniquely leverages the memory domain support in ARM processors to create multiple sandboxes. Memory accesses by the untrusted module (including read, write, and execution) are strictly confined by the hardware, and instructions running inside the sandbox execute at the same speed as those outside it. ARMlock imposes virtually no structural constraints on untrusted modules. For example, they can use self-modifying code, receive exceptions, and make system calls. Moreover, system calls can be interposed by ARMlock to enforce the policies set by the host. We have implemented a prototype of ARMlock for Linux that supports the popular ARMv6 and ARMv7 sub-architectures. Our security assessment and performance measurement show that ARMlock is practical, effective, and efficient.
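    The hardware feature the abstract refers to is the ARMv6/ARMv7 memory domain mechanism: every page-table entry carries a 4-bit domain number, and the Domain Access Control Register (DACR, CP15 c3) holds a 2-bit access type for each of the 16 domains. Switching the DACR changes what the running code may touch without rewriting page tables. The following C program is an added illustration, not code from the paper or the ARMlock prototype: it models the DACR encoding and the MMU's domain check, and shows a host/sandbox DACR pair of the kind such a design would install. The domain numbers (host in domain 0, sandbox in domain 1) and the exact host-side configuration are assumptions made for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* ARMv6/ARMv7 Domain Access Control Register (CP15 c3): 16 domains,
 * two bits each. Encodings as defined in the architecture manual. */
enum dacr_type {
    DACR_NOACCESS = 0, /* any access to the domain raises a domain fault */
    DACR_CLIENT   = 1, /* access checked against the page-table AP/XN bits */
    DACR_RESERVED = 2, /* reserved encoding, must not be used */
    DACR_MANAGER  = 3, /* access permitted, AP/XN bits are not checked */
};

#define DACR_DOMAINS 16

/* Return `dacr` with the field for `domain` set to `t`. */
static uint32_t dacr_set(uint32_t dacr, unsigned domain, enum dacr_type t)
{
    unsigned shift = 2 * (domain % DACR_DOMAINS);
    return (dacr & ~(3u << shift)) | ((uint32_t)t << shift);
}

static enum dacr_type dacr_get(uint32_t dacr, unsigned domain)
{
    return (enum dacr_type)((dacr >> (2 * (domain % DACR_DOMAINS))) & 3u);
}

/* Outcome of the MMU's domain check for one access. */
enum access_result { ACCESS_OK, DOMAIN_FAULT, PERMISSION_FAULT, BAD_ENCODING };

/* Model of the hardware decision: `page_domain` is the domain field of the
 * page's translation-table entry; `ap_allows` says whether that entry's
 * AP (and XN, for fetches) bits would permit the access on their own. */
static enum access_result dacr_check(uint32_t dacr, unsigned page_domain,
                                     bool ap_allows)
{
    switch (dacr_get(dacr, page_domain)) {
    case DACR_NOACCESS: return DOMAIN_FAULT;
    case DACR_MANAGER:  return ACCESS_OK;
    case DACR_CLIENT:   return ap_allows ? ACCESS_OK : PERMISSION_FAULT;
    default:            return BAD_ENCODING;
    }
}

/* Assumed domain assignment for this example (not the paper's numbering):
 * host memory is tagged domain 0, sandbox memory domain 1. */
#define HOST_DOMAIN    0u
#define SANDBOX_DOMAIN 1u

/* DACR in force while trusted host code runs: both regions reachable,
 * subject to the ordinary page permissions. Every other domain stays at
 * No access. Returns 0x5. */
static uint32_t dacr_for_host(void)
{
    uint32_t d = 0;
    d = dacr_set(d, HOST_DOMAIN, DACR_CLIENT);
    d = dacr_set(d, SANDBOX_DOMAIN, DACR_CLIENT);
    return d;
}

/* DACR installed on entry to the sandbox: the host domain drops to
 * No access, so any load, store or instruction fetch that hits host
 * memory faults regardless of AP bits, while the sandbox's own code is
 * untouched and runs at full speed. Returns 0x4. */
static uint32_t dacr_for_sandbox(void)
{
    uint32_t d = 0;
    d = dacr_set(d, SANDBOX_DOMAIN, DACR_CLIENT);
    return d;
}

/* On real hardware the switch is a single privileged CP15 write done by
 * the kernel on the host/sandbox transition:
 *     mcr p15, 0, r0, c3, c0, 0    @ write DACR from r0
 * The domain field is checked against the DACR on every access, so no
 * page-table rewrite or TLB invalidation is required for the switch. */

int main(void)
{
    uint32_t host = dacr_for_host(), sb = dacr_for_sandbox();
    printf("host DACR=0x%08x  sandbox DACR=0x%08x\n", host, sb);
    printf("sandbox -> host page:    %d (1 = DOMAIN_FAULT)\n",
           dacr_check(sb, HOST_DOMAIN, true));
    printf("sandbox -> own page:     %d (0 = ACCESS_OK)\n",
           dacr_check(sb, SANDBOX_DOMAIN, true));
    printf("host -> sandbox page:    %d (0 = ACCESS_OK)\n",
           dacr_check(host, SANDBOX_DOMAIN, true));
    return 0;
}
```

    Two caveats for anyone building on this. First, the Manager encoding bypasses page permissions entirely, so a sandbox must never be given Manager rights on any domain; the example keeps the sandbox at Client on its own domain only. Second, memory domains exist only in the VMSAv7 short-descriptor translation format: the LPAE long-descriptor format and AArch64 have no DACR, which is why later work on ARM in-process isolation turns to other features such as PAN or memory tagging.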


    Published In

    CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
    November 2014
    1592 pages
    ISBN:9781450329576
    DOI:10.1145/2660267

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. armlock
    2. dacr
    3. fault isolation
    4. sfi

    Qualifiers

    • Research-article

    Conference

    CCS'14

    Acceptance Rates

    CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Cited By

    View all
    • (2024) Orbital Shield: Rethinking Satellite Security in the Commercial Off-the-Shelf Era. 2024 Security for Space Systems (3S), pp. 1-11. DOI 10.23919/3S60530.2024.10592292. Online publication date: 27-May-2024.
    • (2024) Lightweight Fault Isolation: Practical, Efficient, and Secure Software Sandboxing. Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2, pp. 649-665. DOI 10.1145/3620665.3640408. Online publication date: 27-Apr-2024.
    • (2024) vKernel: Enhancing Container Isolation via Private Code and Data. IEEE Transactions on Computers 73(7), pp. 1711-1723. DOI 10.1109/TC.2024.3383988. Online publication date: Jul-2024.
    • (2024) DScope: To Reliably and Securely Acquire Live Data from Kernel-Compromised ARM Devices. Computer Security – ESORICS 2023, pp. 271-289. DOI 10.1007/978-3-031-51482-1_14. Online publication date: 11-Jan-2024.
    • (2023) DynaCut. Proceedings of the 24th International Middleware Conference, pp. 275-287. DOI 10.1145/3590140.3629121. Online publication date: 27-Nov-2023.
    • (2023) Going beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFI. Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3, pp. 266-281. DOI 10.1145/3582016.3582023. Online publication date: 25-Mar-2023.
    • (2023) Sfitag: Efficient Software Fault Isolation with Memory Tagging for ARM Kernel Extensions. Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, pp. 469-480. DOI 10.1145/3579856.3590341. Online publication date: 10-Jul-2023.
    • (2023) PANIC: PAN-assisted Intra-process Memory Isolation on ARM. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 919-933. DOI 10.1145/3576915.3623206. Online publication date: 15-Nov-2023.
    • (2023) Lark: Verified Cross-Domain Access Control for Trusted Execution Environments. 2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE), pp. 160-171. DOI 10.1109/ISSRE59848.2023.00031. Online publication date: 9-Oct-2023.
    • (2023) SAFEJ: An Efficient Infrastructure for Securing Julia Programs. 2023 4th International Conference on Big Data & Artificial Intelligence & Software Engineering (ICBASE), pp. 221-224. DOI 10.1109/ICBASE59196.2023.10303098. Online publication date: 25-Aug-2023.