Secure, Efficient In-Process Memory Isolation

Isolating sensitive data and state can increase the security and robustness of many applications. Applications, such as isolating cryptographic session keys in a network-facing application or isolating frequently invoked native libraries in managed runtimes, require very frequent domain switching. In such applications, the overhead of kernel- or hypervisormediated domain switching is prohibitive. We suggest LwCs and ERIM to overcome these costs using novel kernel functionality and hardware-support (e.g., Intel MPK), respectively.

Wasm has become a popular lightweight, in-process sandbox and is, for example, used in production to isolate different clients on edge clouds and function-as-a-service platforms. Unfortunately, Spectre attacks can bypass Wasm’s isolation guarantees. Swivel hardens Wasm against this class of attacks by ensuring that potentially malicious code can neither use Spectre attacks to break out of the Wasm sandbox nor coerce victim code—another Wasm client or the embedding process—to leak secret data. We suggest Swivel, a new compiler framework for hardening WebAssembly (Wasm) against Spectre attacks.

Publications

Swivel: Hardening WebAssembly against Spectre USENIX Security, 2021.

PDF

ERIM: Secure, Efficient In-Process Isolation with Memory Protection Keys USENIX Security,
Distinguished Paper Award and Internet Defense Prize, 2019.

PDF Code Slides Video

Light-Weight Contexts: An OS Abstraction for Safety and Performance USENIX OSDI, 2016.

PDF Code