[Research] System Security Laboratory (Professor Lee Ho-joon) Has a Paper Accepted for Publication at ACM CCS 2023
- College of Software Convergence
- 2023-08-08
The paper "Capacity: Cryptographically-Enforced In-process Capabilities for Modern ARM Architectures" by Dinh Kha (Ph.D. candidate), Cho Kyu-won (Ph.D. candidate), and Noh Tae-hyun (Master's candidate), under the guidance of Professor Lee Ho-joon (https://sslab.skku.edu), has been accepted for publication at the ACM Conference on Computer and Communications Security (CCS) 2023, one of the four major security conferences. The paper will be presented in November.
Eliminating vulnerabilities from today's software is a significant challenge because code bases are large, complex, and continuously changing, which often leads to security incidents. In particular, because the various components of a monolithic program reside in a single address space, even a single security flaw can leave the entire program vulnerable. To address this issue, In-Process Isolation (IPI) has been widely researched. It aims to mitigate the risks of vulnerabilities by separating a program into multiple isolated domains.
The proposed technology, Capacity, extends the existing access control of operating systems with capability-based access control built on ARM's new hardware features, namely Pointer Authentication and Memory Tagging Extension. Capacity implements a capability system by cryptographically signing memory pointers and file descriptors, the reference types through which a process reaches its resources, with keys unique to each domain, and by verifying the signature every time a reference is used. In keeping with the capability philosophy, robust mechanisms protect the signed references themselves, ensuring a high level of security. The practicality and performance of Capacity have been validated by applying it to real-world programs such as NGINX and OpenSSH.
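The idea described above, signing a reference with a per-domain key and verifying it on every use, can be sketched as a software model. This is an added example, not code from the paper or the laboratory: HMAC-SHA256 truncated to 16 bits stands in for the Pointer Authentication hardware, and the `Domain` class, the 48-bit value layout, the `kind` modifier and the sample keys are all assumptions made for illustration.

```python
import hashlib
import hmac

REF_BITS = 48                      # assumption: low 48 bits hold the pointer or fd value
REF_MASK = (1 << REF_BITS) - 1

class AuthError(Exception):
    """A reference failed authentication in the domain that tried to use it."""

class Domain:
    """Hypothetical isolation domain holding its own signing key."""

    def __init__(self, name: str, key: bytes):
        self.name, self._key = name, key

    def _tag(self, value: int, kind: str) -> int:
        # HMAC-SHA256 truncated to 16 bits stands in for the hardware signature.
        # 'kind' is an assumed context modifier separating pointers from fds.
        msg = kind.encode() + b"\0" + value.to_bytes(8, "little")
        return int.from_bytes(hmac.new(self._key, msg, hashlib.sha256).digest()[:2], "little")

    def sign(self, value: int, kind: str) -> int:
        if not 0 <= value <= REF_MASK:
            raise ValueError("reference value does not fit in REF_BITS")
        return (self._tag(value, kind) << REF_BITS) | value

    def use(self, signed: int, kind: str) -> int:
        """Verify on every use; return the raw value only if the tag matches."""
        value = signed & REF_MASK
        if signed >> REF_BITS != self._tag(value, kind):
            raise AuthError(f"{self.name}: unauthenticated {kind} reference")
        return value

def rejected(domain: Domain, signed: int, kind: str) -> bool:
    try:
        domain.use(signed, kind)
        return False
    except AuthError:
        return True

if __name__ == "__main__":
    # Constructed sample: two domains with distinct fixed keys and one descriptor.
    parser = Domain("parser", b"\x01" * 16)
    crypto = Domain("crypto", b"\x02" * 16)
    fd = crypto.sign(7, "fd")
    print(crypto.use(fd, "fd"))                    # owner domain recovers the raw fd
    print(rejected(parser, fd, "fd"))              # checked against another domain's key
    print(rejected(crypto, fd ^ (1 << 50), "fd"))  # one tag bit flipped
```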