Secure Memory Management on Modern Hardware
Reto Achermann, Nora Hossle, Lukas Humbel, Daniel Schwyn, David Cock, Timothy Roscoe

TL;DR
This paper introduces a novel, hardware-agnostic memory protection model that enhances security and integrity in modern heterogeneous systems without performance penalties.
Contribution
It proposes a fine-grained, reference monitor-based memory protection approach applicable across architectures, aligning system software with complex hardware features.
Findings
Enforces system integrity without performance overhead
Applicable to any operating system and hardware architecture
Automatable through code generation from hardware specs
Abstract
Almost all modern hardware, from phone SoCs to high-end servers with accelerators, contains memory translation and protection hardware like IOMMUs, firewalls, and lookup tables which make it impossible to reason about and enforce protection and isolation based solely on the processor's MMUs. This has led to numerous bugs and security vulnerabilities in today's system software. In this paper we regain the ability to reason about and enforce access control using the proven concept of a reference monitor mediating accesses to memory resources. We present a fine-grained, realistic memory protection model that makes this traditional concept applicable today, and bring system software in line with the complexity of modern, heterogeneous hardware. Our design is applicable to any operating system, regardless of architecture. We show that it not only enforces the integrity properties of a…
Taxonomy
Topics: Security and Verification in Computing · Distributed systems and fault tolerance · Advanced Malware Detection Techniques
