Mitigating Information Leakage Vulnerabilities with Type-based Data Isolation

Research output: Chapter in Book / Report / Conference proceeding (Conference contribution, Academic, peer-reviewed)

Abstract

Information leakage vulnerabilities (or simply info leaks) such as out-of-bounds/uninitialized reads in the architectural or speculative domain pose a significant security threat, allowing attackers to leak sensitive data such as crypto keys. At the same time, such vulnerabilities are hard to efficiently mitigate, as every (even speculative) memory load operation needs to be potentially instrumented against unauthorized reads. Existing confidentiality-preserving solutions based on data isolation label memory objects with different (e.g., sensitive vs. nonsensitive) colors, color load operations accordingly using static points-to analysis, and instrument them to enforce color-matching invariants at run time. Unfortunately, the reliance on conservative points-to analysis introduces overapproximations that are detrimental to security (or further degrade performance). In this paper, we propose Type-based Data Isolation (TDI), a new practical design point in the data isolation space to mitigate info leaks. TDI isolates memory objects of different colors in separate memory arenas and uses efficient compiler instrumentation to constrain loads to the arena of the intended color by construction. TDI's arena-based design moves the instrumentation from loads to pointer arithmetic operations, enabling new aggressive speculation-aware performance optimizations and eliminating the need for points-to analysis. Moreover, TDI's color management is flexible. TDI can support a few-color scheme with sensitive data annotations similar to prior work (e.g., 2 colors) or a many-color scheme based on basic type analysis (i.e., one color per object type). The latter approach provides fine-grained data isolation, eliminates the need for annotations, and enforces strong color-matching invariants equivalent to ideal (context-sensitive) type-based points-to analysis. Our results show that TDI can efficiently support such strong security invariants, at average performance overheads of <10% on SPEC CPU2006 and nginx.
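The abstract's central idea is that, once objects of each color live in their own power-of-two aligned arena, the instrumentation can move from the load itself to the pointer arithmetic that produces the load address: the result of the arithmetic is forced back into the arena of the statically known color, so an out-of-bounds (or speculative) read can only ever land inside that arena. The following C program is an added illustration of that masking idea written for this page; it is not code from the TDI paper or its compiler. The two-color layout, the static `heap` buffer, the 4 KiB arena size, the `gep_colored` helper and the `"SECRET-KEY"` contents are all constructed for the example; a real deployment would have the allocator place objects in per-color arenas and the compiler emit the masking at every pointer-arithmetic site.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy layout (constructed for this example): NUM_COLORS arenas, each
 * ARENA_SIZE bytes and ARENA_SIZE-aligned, carved out of one static buffer.
 * Color 0 holds nonsensitive data, color 1 holds a secret. */
#define ARENA_SHIFT 12
#define ARENA_SIZE  (1u << ARENA_SHIFT)
#define ARENA_MASK  (ARENA_SIZE - 1)
#define NUM_COLORS  2

static _Alignas(ARENA_SIZE) unsigned char heap[NUM_COLORS * ARENA_SIZE];

static unsigned char *arena_base(unsigned color) {
    return heap + (size_t)color * ARENA_SIZE;
}

static void setup_heap(void) {
    memset(arena_base(0), 'n', ARENA_SIZE);   /* nonsensitive filler */
    memset(arena_base(1), 'x', ARENA_SIZE);   /* sensitive arena */
    memcpy(arena_base(1), "SECRET-KEY", 10);  /* constructed secret */
}

/* Uninstrumented pointer arithmetic: p + off, wherever that lands. */
static const unsigned char *gep_plain(const unsigned char *p, size_t off) {
    return p + off;
}

/* Arena-constrained pointer arithmetic (hypothetical helper standing in for
 * compiler instrumentation). The color is known statically at this site, so
 * the high bits of the computed address are replaced by that color's arena
 * base. No branch is involved, so the constraint also holds for loads that
 * execute speculatively. */
static const unsigned char *gep_colored(unsigned color,
                                        const unsigned char *p, size_t off) {
    uintptr_t target = (uintptr_t)p + off;
    uintptr_t base   = (uintptr_t)arena_base(color);   /* low bits are zero */
    return (const unsigned char *)(base | (target & ARENA_MASK));
}

/* A buggy reader of nonsensitive data: idx is never bounds-checked. */
int read_nonsensitive_plain(size_t idx) {
    setup_heap();
    return *gep_plain(arena_base(0), idx);
}

/* The same buggy reader with its pointer arithmetic constrained to color 0. */
int read_nonsensitive_colored(size_t idx) {
    setup_heap();
    return *gep_colored(0, arena_base(0), idx);
}

int main(void) {
    size_t oob = ARENA_SIZE;   /* one byte past the nonsensitive arena */
    printf("plain OOB read:   '%c' (first byte of the secret)\n",
           read_nonsensitive_plain(oob));
    printf("colored OOB read: '%c' (wrapped inside arena 0)\n",
           read_nonsensitive_colored(oob));
    return 0;
}
```

With the plain arithmetic, index `ARENA_SIZE` walks straight into the sensitive arena and returns `'S'`; with the color mask applied, the same index wraps to offset 0 of arena 0 and returns the nonsensitive filler. Note what the mask does and does not give: it removes cross-color leaks by construction, but an out-of-bounds read inside one arena still returns whatever other same-color object sits there, which is why the abstract's many-color (one color per type) scheme matters for fine-grained isolation.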

Original language: English
Title of host publication: 2022 IEEE Symposium on Security and Privacy (SP)
Subtitle of host publication: [Proceedings]
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1049-1065
Number of pages: 17
ISBN (Electronic): 9781665413169
ISBN (Print): 9781665413176
DOIs:
Publication status: Published - 27 Jul 2022
Event: 43rd IEEE Symposium on Security and Privacy, SP 2022 - San Francisco, United States
Duration: 23 May 2022 to 26 May 2022

Publication series

Name: Proceedings - IEEE Symposium on Security and Privacy
Number: May
Volume: 2022
ISSN (Print): 1081-6011

Conference

Conference: 43rd IEEE Symposium on Security and Privacy, SP 2022
Country/Territory: United States
City: San Francisco
Period: 23/05/22 to 26/05/22

Bibliographical note

Funding Information:
We thank the anonymous reviewers, Koen Koning, and Taddeus Kroes for their valuable feedback. This work was supported by Intel Corporation through the Side Channel Vulnerability ISRA, by the Netherlands Organisation for Scientific Research through projects “TROPICS” and “Theseus”, by EKZ through project “VeriPatch”, by Cisco Systems, Inc. through grant #1138109, and by the Office of Naval Research (ONR) under awards N00014-16-1-2261 and N00014-17-1-2788. This paper reflects only the authors’ view. The funding agencies are not responsible for any use that may be made of the information it contains.

Publisher Copyright:
© 2022 IEEE.

Funding


Funders (funder number):
- EKZ
- Office of Naval Research (N00014-16-1-2261, N00014-17-1-2788)
- Intel Corporation
- Cisco Systems (1138109)
- Nederlandse Organisatie voor Wetenschappelijk Onderzoek
