Loading…
Back To Schedule
Wednesday, July 10 • 4:10pm - 4:30pm
libmpk: Software Abstraction for Intel Memory Protection Keys (Intel MPK)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Intel Memory Protection Keys (MPK) is a new hardware primitive to support thread-local permission control on groups of pages without requiring modification of page tables. Unfortunately, its current hardware implementation and software support suffer from security, scalability, and semantic problems: (1) vulnerable to protection-key-use-after-free; (2) providing the limited number of protection keys; and (3) incompatible with mprotect()’s process-based permission model.

In this paper, we propose libmpk, a software abstraction for MPK. It virtualizes the hardware protection keys to eliminate the protection-key-use-after-free problem while providing accesses to an unlimited number of virtualized keys. To support legacy applications, it also provides a lazy inter-thread key synchronization. To enhance the security of MPK itself, libmpk restricts unauthorized writes to its metadata. We apply libmpk to three real-world applications: OpenSSL, JavaScript JIT compiler, and Memcached for memory protection and isolation. Our evaluation shows that it introduces negligible performance overhead (

Speakers
SP

Soyeon Park

Georgia Institute of Technology
SL

Sangho Lee

Microsoft Research
WX

Wen Xu

Georgia Institute of Technology
HM

Hyungon Moon

Ulsan National Institute of Science and Technology
TK

Taesoo Kim

Georgia Institute of Technology


Wednesday July 10, 2019 4:10pm - 4:30pm PDT
USENIX ATC Track II: Grand Ballroom VII–IX