Logo des Repositoriums
 

Case Study: Securing MMU-less Linux Using CHERI

dc.contributor.authorAlmatary, Hesham
dc.contributor.authorMazzinghi, Alfredo
dc.contributor.authorWatson, Robert N. M.
dc.contributor.editorDhungana, Deepak
dc.contributor.editorLambers, Leen
dc.contributor.editorBonorden, Leif
dc.contributor.editorHenning, Sören
dc.date.accessioned2024-02-14T05:22:30Z
dc.date.available2024-02-14T05:22:30Z
dc.date.issued2024
dc.description.abstractMMU-less Linux variant lacks security because it does not have protection or isolation mechanisms. It also does not use MPUs as they do not fit with its software model because of the design drawbacks of MPUs (i. e. coarse-grained protection with fixed number of protected regions). We secure the existing MMU-less Linux version of the RISC-V port using CHERI. CHERI is a hardware-software capability-based system that extends the ISA, toolchain, programming languages, operating systems, and applications in order to provide complete pointer and memory safety. We believe that CHERI could provide significant security guarantees for high-end dynamic MMU-less embedded systems at lower costs, compared to MMUs and MPUs, by: 1) building the entire software stack in pure-capability CHERI C mode which provides complete spatial memory safety at the kernel and user-level, 2) isolating user programs as separate ELFs, each with its own CHERI-based capability table; this provides spatial memory safety similar to what the MMU offers (i. e. user programs cannot access each other’s memory), 3) isolating user programs from the kernel as the kernel has its own capability table from the users and vice versa, and 4) compartmentalising kernel modules using CompartOS’ linkage-based compartmentalisation. This offers a new security front that is not possible using the current MMU-based Linux, where vulnerable/malicious kernel modules (e. g. device drivers) executing in the kernel space would not compromise or take down the entire system. These are the four main contributions of this paper, presenting novel CHERI-based mechanisms to secure MMU-less embedded Linux.en
dc.identifier.doi10.18420/sw2024-ws_06
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/43521
dc.language.isoen
dc.pubPlaceBonn
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofSE 2024 - Companion
dc.subjectLinux
dc.subjectCHERI
dc.subjectsecurity
dc.subjectmemory safety
dc.subjectcompartmentalization
dc.subjectembedded systems
dc.subjectoperating systems
dc.titleCase Study: Securing MMU-less Linux Using CHERIen
dc.typeText/Conference Paper
gi.citation.endPage92
gi.citation.startPage69
gi.conference.date26.- 27. Februar
gi.conference.locationLinz
gi.conference.sessiontitleAVIOSE

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
A3-3.pdf
Größe:
584.59 KB
Format:
Adobe Portable Document Format