ICSA Colloquium - 22/07/2024

Title:

Building Secure and Efficient Processors for Trustless Memory Safety

Abstract:

Capability-based memory isolation is a promising new architectural primitive. Software can access low-level memory only via capability handles rather than raw pointers, which provides a natural interface to enforce security restrictions. Existing architectural capability designs such as CHERI provide spatial safety, but fail to extend to other memory models that security-sensitive software designs may desire. In this paper, we propose Capstone, a more expressive architectural capability design that supports multiple existing memory isolation models in a trustless setup, i.e., without relying on trusted software components. We show how Capstone is well-suited for environments where privilege boundaries are fluid (dynamically extensible), memory sharing/delegation are desired both temporally and spatially, and where such needs are to be balanced with availability concerns. Capstone can also be implemented efficiently. We present an implementation sketch and through evaluation show that its overhead is below 50% in common use cases. We also prototype a functional emulator for Capstone and use it to demonstrate the runnable implementations of six real-world memory models without trusted software components: three types of enclave-based TEEs, a thread scheduler, a memory allocator, and Rust-style memory safety -- all within the interface of Capstone.

Bio:

Trevor E. Carlson is an Assistant Professor at the department of Computer Science at the National University of Singapore. Dr. Carlson has received his PhD from Ghent University in 2014, his bachelor’s and master’s degrees from Carnegie Mellon University in 2002 and 2003, and completed a postdoc at Uppsala University in Sweden in 2017. Dr. Carlson’s research interests include several areas of computer architecture including efficient microarchitectures and accelerators, performance modeling, fast and scalable simulation methodologies, and secure processor designs. He co-designed the Sniper Multi-core Simulator which is being used by hundreds of researchers to evaluate the performance and power-efficiency of next generation systems which continues to be used to explore next-generation processor design. Dr. Carlson’s research has been published at leading journals and conferences in computer architecture and simulation such as the International Symposium on Computer Architecture (ISCA), the International Symposium on Microarchitecture (MICRO), the International Symposium on High Performance Computer Architecture (HPCA), IEEE Transactions on Computers (TC), USENIX Security, and others. He has recently been awarded Amazon, Intel and VMWare Research Awards, and his work has received six Best Paper Awards or Best Paper Nominations in conferences such as the International Symposium on Microarchitecture (MICRO) and the International Symposium on Performance Analysis of Systems and Software (ISPASS).