Zeno: A Scalable Capability-Based Secure Architecture

TL;DR

Zeno is a scalable, capability-based architecture designed for secure, multi-node datacenter systems, enabling global sharing of capabilities while maintaining security and manageable overheads.

Contribution

The paper introduces Zeno, a novel capability architecture that supports global sharing of capabilities across multiple nodes in large-scale systems.

Findings

Zeno supports a namespace-based capability model for multi-node sharing.

Zeno maintains security properties in large-scale environments.

FPGA implementation shows manageable hardware overheads.

Abstract

Despite the numerous efforts of security researchers, memory vulnerabilities remain a top issue for modern computing systems. Capability-based solutions aim to solve whole classes of memory vulnerabilities at the hardware level by encoding access permissions with each memory reference. While some capability systems have seen commercial adoption, little work has been done to apply a capability model to datacenter-scale systems. Cloud and high-performance computing often require programs to share memory across many compute nodes. This presents a challenge for existing capability models, as capabilities must be enforceable across multiple nodes. Each node must agree on what access permissions a capability has and overheads of remote memory access must remain manageable. To address these challenges, we introduce Zeno, a new capability-based architecture. Zeno supports a Namespace-based capability model to support globally shareable capabilities in a large-scale, multi-node system. In this work, we describe the Zeno architecture, define Zeno's security properties, evaluate the scalability of Zeno as a large-scale capability architecture, and measure the hardware overhead with an FPGA implementation.