Enabling Lightweight Privilege Separation in Applications with MicroGuards
Zahra Tarkhani, Anil Madhavapeddy

TL;DR
MicroGuards introduces a lightweight, hardware-assisted approach for fine-grained privilege separation within applications, enhancing security on resource-constrained devices with minimal performance impact.
Contribution
The paper presents MicroGuards, a novel set of kernel modifications and APIs that enable in-process memory protection and privilege separation on embedded and mobile Linux devices.
Findings
Runtime overhead less than 3.5%
Minimal memory footprint
Practical integration with existing applications
Abstract
Application compartmentalization and privilege separation are our primary weapons against ever-increasing security threats and privacy concerns on connected devices. Despite significant progress, it is still challenging to privilege-separate within an application's address space and in multithreaded environments, particularly on resource-constrained and mobile devices. We propose MicroGuards, a lightweight kernel modification and set of security primitives and APIs aimed at flexible and fine-grained in-process memory protection and privilege separation in multithreaded applications. MicroGuards take advantage of hardware support in modern CPUs and are high-level enough to be adaptable to various architectures. This paper focuses on enabling MicroGuards on embedded and mobile devices running the Linux kernel and utilizes tagged memory support to achieve good performance. Our evaluation shows…
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Cloud Data Security Solutions
