Enhancing Data Secrecy with Segmentation Based Isolation
Software memory disclosure attacks, such as buffer over-read, often work quietly and may cause leakage of secrets.The well-known OpenSSL Heartbleed vulnerability leaked out millions of servers private keys, and caused most of lnternet services insecure during that time.Existing solutions are either hard to apply to large code bases, or too heavyweight (e.g.by involving a hypervisor software or a modified operating system kernel).We propose SecSeg, an easy-to-use and lightweight system which leverages the traditional x86 segmentation mechanism to isolate the secrets from the remaining data.Software developers can prevent the secrets from being leaked out by simply declaring the secret variables with secure keyword.And our customized compiler will automatically separate the secrets from the remaining ones with an isolated hardware segment.Any legal instructions that have to visit the secrets will be automatically instrumented to special machine instructions which have access to the isolated segment.We have implemented an early SecSeg prototype with an open source compiler framework-the LLVM Compiler Infrastructure.The prototype proves that SecSeg is both secure and efficient.
memory disclosure privacy protection segment isolation
Chi Zhang Hui He Xiaoguang Wang Yichen Li Xin Gao Yong Qi
Department of Computer Science Xian Jiaotong University Xian, Shaanxi Province, China
国际会议
武汉
英文
203-208
2016-09-23(万方平台首次上网日期,不代表论文的发表时间)