The reviewed record of science sign in
Pith

arxiv: 2108.03705 · v2 · pith:WFM7HFFO · submitted 2021-08-08 · cs.CR

The Endokernel: Fast, Secure, and Programmable Subprocess Virtualization

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:WFM7HFFOrecord.jsonopen to challenge →

classification cs.CR
keywords endokernelisolationabstractionsmonitorprocessabstractionapplicationsarchitecture
0
0 comments X
read the original abstract

Commodity applications contain more and more combinations of interacting components (user, application, library, and system) and exhibit increasingly diverse tradeoffs between isolation, performance, and programmability. We argue that the challenge of future runtime isolation is best met by embracing the multi-principle nature of applications, rethinking process architecture for fast and extensible intra-process isolation. We present, the Endokernel, a new process model and security architecture that nests an extensible monitor into the standard process for building efficient least-authority abstractions. The Endokernel introduces a new virtual machine abstraction for representing subprocess authority, which is enforced by an efficient self-isolating monitor that maps the abstraction to system level objects (processes, threads, files, and signals). We show how the Endokernel can be used to develop specialized separation abstractions using an exokernel-like organization to provide virtual privilege rings, which we use to reorganize and secure NGINX. Our prototype, includes a new syscall monitor, the nexpoline, and explores the tradeoffs of implementing it with diverse mechanisms, including Intel Control Enhancement Technology. Overall, we believe sub-process isolation is a must and that the Endokernel exposes an essential set of abstractions for realizing this in a simple and feasible way.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.