Going beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFI
ASPLOS 2023: Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3 (2023)
Abstract
We introduce Hardware-assisted Fault Isolation (HFI), a simple extension to
existing processors to support secure, flexible, and efficient in-process
isolation. HFI addresses the limitations of existing software-based isolation
(SFI) systems including: runtime overheads, limited scalability, vulnerability
to Spectre attacks, and limited compatibility with existing code. HFI can
seamlessly integrate with current SFI systems (e.g., WebAssembly), or directly
sandbox unmodified native binaries. To ease adoption, HFI relies only on
incremental changes to the data and control path of existing high-performance
processors. We evaluate HFI for x86-64 using the gem5 simulator and
compiler-based emulation on a mix of real and synthetic workloads.