TY - GEN
T1 - A Compiler for Transparent Namespace-Based Access Control for the Zeno Architecture
AU - Abraham, Jacob
AU - Ehret, Alan
AU - Kinsy, Michel A.
N1 - Funding Information:
The work is partially supported by the Department of Defense (DoD)/Department of the Air Force (USAF) under Grant FA8075-18-D-0004/IAC MAC 19-1979. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors only.
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - With memory safety and security issues continuing to plague modern systems, security is rapidly becoming a first-class priority in new architectures and competes directly with performance and power efficiency. The capability-based architecture model provides a promising solution to many memory vulnerabilities by replacing plain addresses with capabilities, i.e., addresses and related metadata. A key advantage of the capability model is compatibility with existing code bases. Capabilities can be implemented transparently to a programmer, i.e., without source code changes. Capabilities leverage semantics in source code to describe access permissions but require customized compilers to translate the semantics to their binary equivalent. In this work, we introduce a complete capability-aware compiler toolchain for such secure architectures. We illustrate the compiler construction with a RISC-V capability-based architecture, called Zeno. As a security-focused, large-scale, global shared memory architecture, Zeno implements a Namespace-based capability model for accesses. Namespace IDs (NSID) are encoded with an extended addressing model to associate them with access permission metadata elsewhere in the system. The NSID extended addressing model requires custom compiler support to fully leverage the protections offered by Namespaces. The Zeno compiler produces code transparently to the programmer that is aware of Namespaces and maintains their integrity. The Zeno assembler enables custom Zeno instructions which support secure memory operations. Our results show that our custom toolchain moderately increases the binary size compared to non-Zeno compilation. We find the minimal overhead incurred by the additional NSID management instructions to be an acceptable trade-off for the memory safety and security offered by Zeno Namespaces.
AB - With memory safety and security issues continuing to plague modern systems, security is rapidly becoming a first-class priority in new architectures and competes directly with performance and power efficiency. The capability-based architecture model provides a promising solution to many memory vulnerabilities by replacing plain addresses with capabilities, i.e., addresses and related metadata. A key advantage of the capability model is compatibility with existing code bases. Capabilities can be implemented transparently to a programmer, i.e., without source code changes. Capabilities leverage semantics in source code to describe access permissions but require customized compilers to translate the semantics to their binary equivalent. In this work, we introduce a complete capability-aware compiler toolchain for such secure architectures. We illustrate the compiler construction with a RISC-V capability-based architecture, called Zeno. As a security-focused, large-scale, global shared memory architecture, Zeno implements a Namespace-based capability model for accesses. Namespace IDs (NSID) are encoded with an extended addressing model to associate them with access permission metadata elsewhere in the system. The NSID extended addressing model requires custom compiler support to fully leverage the protections offered by Namespaces. The Zeno compiler produces code transparently to the programmer that is aware of Namespaces and maintains their integrity. The Zeno assembler enables custom Zeno instructions which support secure memory operations. Our results show that our custom toolchain moderately increases the binary size compared to non-Zeno compilation. We find the minimal overhead incurred by the additional NSID management instructions to be an acceptable trade-off for the memory safety and security offered by Zeno Namespaces.
KW - Capability
KW - Compiler
KW - Global Shared Memory Space
KW - RISC-V
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85143070518&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85143070518&partnerID=8YFLogxK
U2 - 10.1109/SEED55351.2022.00022
DO - 10.1109/SEED55351.2022.00022
M3 - Conference contribution
AN - SCOPUS:85143070518
T3 - Proceedings - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022
SP - 1
EP - 10
BT - Proceedings - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022
Y2 - 26 September 2022 through 27 September 2022
ER -