
MProtect: Operating System Memory Management without Access

Caihua Li, Seung-seob Lee, Min Hong Yun, Lin Zhong
Dec 2022
Abstract
Modern operating systems (OSes) have unfettered access to application data, assuming that applications trust them. This assumption, however, is problematic under many scenarios where either the OS provider is not trustworthy or the OS can be compromised due to its large attack surface. Our investigation began with the hypothesis that unfettered access to memory is not fundamentally necessary for the OS to perform its own job, including managing the memory. The result is a system called MProtect that leverages a small piece of software running at a higher privilege level than the OS. MProtect protects the entire user space of a process, requires only a small modification to the OS, and supports major architectures such as ARM, x86 and RISC-V. Unlike prior works that resorted to nested virtualization, which is often undesirable in mobile and embedded systems, MProtect mediates how the OS accesses the memory and handles exceptions. We report an implementation of MProtect called MGuard with ARMv8/Linux and evaluate its performance with both macro and microbenchmarks. We show MGuard has a runtime TCB 2~3 times smaller than related systems and enjoys competitive performance while supporting legitimate OS access to the user space.