skip to main content
10.1145/2660267.2660344acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

ARMlock: Hardware-based Fault Isolation for ARM

Published: 03 November 2014 Publication History

Abstract

Software fault isolation (SFI) is an effective mechanism to confine untrusted modules inside isolated domains to protect their host applications. Since its debut, researchers have proposed different SFI systems for many purposes such as safe execution of untrusted native browser plugins. However, most of these systems focus on the x86 architecture. Inrecent years, ARM has become the dominant architecture for mobile devices and gains in popularity in data centers.Hence there is a compellingneed for an efficient SFI system for the ARM architecture. Unfortunately, existing systems either have prohibitively high performance overhead or place various limitations on the memory layout and instructions of untrusted modules.
In this paper, we propose ARMlock, a hardware-based fault isolation for ARM. It uniquely leverages the memory domain support in ARM processors to create multiple sandboxes. Memory accesses by the untrusted module (including read, write, and execution) are strictly confined by the hardware,and instructions running inside the sandbox execute at the same speed as those outside it. ARMlock imposes virtually no structural constraints on untrusted modules. For example, they can use self-modifying code, receive exceptions, and make system calls. Moreover, system calls can be interposed by ARMlock to enforce the policies set by the host. We have implemented a prototype of ARMlock for Linux that supports the popular ARMv6 and ARMv7 sub-architecture. Our security assessment and performance measurement show that ARMlock is practical, effective, and efficient.

References

[1]
Domain Access Control Register. http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0434b/CIHBCBFE.html.
[2]
M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-Flow Integrity: Principles, Implementations, and Applications. In Proceedings of the 12th ACM Conference on Computer and Communications Security, November 2005.
[3]
Update from the CEO. http://googleblog.blogspot. co.uk/2013/03/update-from-ceo.html.
[4]
Calxeda. http://www.calxeda.com/.
[5]
M. Castro, M. Costa, J.-P. Martin, M. Peinado, P. Akritidis, A. Donnelly, P. Barham, and R. Black. Fast Byte-Granularity Software Fault Isolation. In Proceedings of the 22nd ACM Symposium on Operating Systems Principles, 2009.
[6]
M. E. Conway. Design of a Separable Transition-Diagram Compiler. In Communications of the ACM, 1963.
[7]
Linux Foundation Referenced Specification.http://refspecs.linuxbase.org/.
[8]
U. Erlingsson, S. Valley, M. Abadi, M. Vrable, M. Budiu, and G. C. Necula. XFI: Software Guards for System Address Spaces. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, November 2006.
[9]
B. Ford and R. Cox. Vx32: Lightweight User-level Sandboxing on the x86. In Proceedings of 2008 USENIX Annual Technical Conference, June 2008.
[10]
T. Garfinkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. In Proceedings of the 20th Annual Network and Distributed Systems Security Symposium, February 2003.
[11]
W. K. Giloi and P. Behr. An IPC Protocol and its Hardware Realization for a High-speed Distributed Multicomputer System. In Proceedings of the 8th annual symposium on Computer Architecture, 1981.
[12]
Linux and Chrome OS Sandboxing. https://code.google.com/p/chromium/wiki/LinuxSandboxing.
[13]
gzip. The gzip home page. http://www.gzip.org/.
[14]
J. N. Herder, H. Bos, B. Gras, P. Homburg, and A. S. Tanenbaum. Fault Isolation for Device Drivers. In Proceedings of the 39th IEEE/IFIP International Conference on Dependable Systems and Networks, 2009.
[15]
Intel. Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3: System Programming Guide, Part 1 and Part 2, 2010.
[16]
G. S. Kc, A. D. Keromytis, and V. Prevelakis. Countering Code-Injection Attacks with Instruction-Set Randomization. In Proceedings of the 10th ACM conference on Computer and communications security, CCS'03, October 2003.
[17]
V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure Execution Via Program Shepherding. In Proceedings of the 11th USENIX Security Symposium, August 2002.
[18]
libpng. libpng home page. http://libpng.org/pub/png/libpng.html.
[19]
LMbench - Tools for Performance Analysis. http://www.bitmover.com/lmbench/lmbench.html.
[20]
Y. Mao, H. Chen, D. Zhou, X. Wang, N. Zeldovich, and M. F. Kaashoek. Software fault isolation with API integrity and multi-principal modules. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles, October 2011.
[21]
S. McCamant and G. Morrisett. Evaluating SFI for a CISC architecture. In Proceedings of the 15th conference on USENIX Security Symposium, July 2006.
[22]
S. McCanne and V. Jacobson. The BSD Packet Filter:A New Architecture for User-level Packet Capture. In Proceedings of the 1993 USENIX conference, 1993.
[23]
G. Morrisett, G. Tan, J. Tassarotti, J.-B. Tristan, and E. Gan. RockSalt: Better, Faster, Stronger SFI for the x86. In Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI'12, June 2012.
[24]
Linux/Unix nbench.http://www.tux.org/~mayer/linux/bmark.html.
[25]
National Vulnerability Databasel. http://nvd.nist.gov.
[26]
PLT and GOT - the Key to Code Sharing and Dynamic Libraries. https://www.technovelty.org/linux/plt-and-got-the-key-to-code-sharing-and-dynamic-libraries.html.
[27]
L. V. Put, D. Chanet, B. D. Bus, B. D. Sutter, and K. D. Bosschere. DIABLO: a Reliable, Retargetable and Extensible Link-time Rewriting Framework. In Proceedings of the 2005 IEEE International Symposium On Signal Processing And Information Technolog, 2005.
[28]
Remote Procedure Call. http://en.wikipedia.org/wiki/Remote_procedure_call.
[29]
Raspberry Pi, an ARM/GNU Linux Box for $25. http://www.raspberrypi.org/.
[30]
N. Santos, H. Raj, S. Saroiu, and A. Wolman. Using ARM Trustzone to Build a Trusted Language Runtime for Mobile Applications. In Proceedings of the 19th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '14, March 2014.
[31]
seccomp. http://lwn.net/Articles/332974/.
[32]
Yet another new approach to seccomp. http://lwn.net/Articles/475043/.
[33]
D. Sehr, R. M. Karl, C. Biffle, V. Khimenko, E. Pasko, K. Schimpf, B. Yee, and B. Chen. Adapting Software Fault Isolation to Contemporary CPU Architectures. In Proceedings of the 19th USENIX Security Symposium, August 2010.
[34]
M. I. Seltzer, Y. Endo, C. Small, and K. A. Smith. Dealing With Disaster: Surviving Misbehaved Kernel Extensions. In Proceedings of the USENIX 2nd Symposium on OS Design and Implementation, 1996.
[35]
H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. On the Effectiveness of Address-Space Randomization. In Proceedings of the 11th ACM conference on Computer and communications security, CCS'04,October 2004.
[36]
M. Sharif, W. Lee, W. Cui, and A. Lanzi. Secure In-VM Monitoring Using Hardware Virtualization. In Proceedings of the 16th ACM Conference on Computer and Communications Security, November 2009.
[37]
J. Siefers, G. Tan, and G. Morrisett. Robusta: Taming the Native Beast of the JVM. In Proceedings of the 17th ACMmConference on Computer and Communications Security, 2010.
[38]
M. M. Swift, M. Annamalai, B. N. Bershad, and H. M. Levy. Recovering Device Drivers. December 2004.
[39]
M. M. Swift, B. N. Bershad, and H. M. Levy. Improving the Reliability of Commodity Operating Systems. In Proceedings of the 19th ACM symposium on Operating Systems Principles, October 2003.
[40]
Tcpdump/Libpcap. http://www.tcpdump.org.
[41]
Translation Lookaside Buffer. http://en.wikipedia. org/wiki/Translation_lookaside_buffer.
[42]
On vsyscalls and the vDSO. http://lwn.net/Articles/446528/.
[43]
R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Efficient Software-based Fault Isolation. In Proceedings of the 14th ACM Symposium On Operating System Principles, December 1993.
[44]
Z. Wang, C. Wu, M. Grace, and X. Jiang. Isolating Commodity Hosted Hypervisors with HyperLock. In Proceedings of the 7th ACM SIGOPS EuroSys Conference, 2012.
[45]
R. N. Watson and J. Anderson. Capsicum: Practical Capabilities for UNIX. In Proceedings of the 2010 USENIX Annual Technical Conference, June 2010.
[46]
B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Orm, S. Okasaka, N. Narula, N. Fullagar, and G. Inc. Native Client: A Sandbox for Portable, Untrusted x86 Native Code. In Proceedings of the 30th IEEE Symposium on Security and Privacy, May 2009.
[47]
B. Zeng, G. Tan, and G. Morrisett. Combining Control-flow Integrity and Static Analysis for Efficient and Validated Data Sandboxing. In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS'11, October 2011.
[48]
B. Zeng, G. Tan, and G. Morrisett. Combining Control-Flow Integrity and Static Analysis for Efficient and Validated Data Sandboxing. In Proceedings of the 18th ACM Conference on Computer and Communication Security, 2011.
[49]
L. Zhao, G. Li, B. De Sutter, and J. Regehr. ARMor: Fully Verified Software Fault Isolation. In Proceedings of the ninth ACM international conference on Embedded software, EMSOFT'11, October 2011.

Cited By

View all
  • (2025)Segue & ColorGuard: Optimizing SFI Performance and Scalability on Modern ArchitecturesProceedings of the 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 110.1145/3669940.3707249(987-1002)Online publication date: 3-Feb-2025
  • (2025)WasDom: An Efficient Write Protection for Wasm JITed Code With ARM DomainIEEE Access10.1109/ACCESS.2025.353775613(26260-26272)Online publication date: 2025
  • (2024)Orbital Shield: Rethinking Satellite Security in the Commercial Off-the-Shelf Era2024 Security for Space Systems (3S)10.23919/3S60530.2024.10592292(1-11)Online publication date: 27-May-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security
November 2014
1592 pages
ISBN:9781450329576
DOI:10.1145/2660267
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2014

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. armlock
  2. dacr
  3. fault isolation
  4. sfi

Qualifiers

  • Research-article

Funding Sources

Conference

CCS'14
Sponsor:

Acceptance Rates

CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)69
  • Downloads (Last 6 weeks)12
Reflects downloads up to 19 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2025)Segue & ColorGuard: Optimizing SFI Performance and Scalability on Modern ArchitecturesProceedings of the 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 110.1145/3669940.3707249(987-1002)Online publication date: 3-Feb-2025
  • (2025)WasDom: An Efficient Write Protection for Wasm JITed Code With ARM DomainIEEE Access10.1109/ACCESS.2025.353775613(26260-26272)Online publication date: 2025
  • (2024)Orbital Shield: Rethinking Satellite Security in the Commercial Off-the-Shelf Era2024 Security for Space Systems (3S)10.23919/3S60530.2024.10592292(1-11)Online publication date: 27-May-2024
  • (2024)Manipulative Interference AttacksProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690246(4569-4583)Online publication date: 2-Dec-2024
  • (2024)LightZone: Lightweight Hardware-Assisted In-Process Isolation for ARM64Proceedings of the 25th International Middleware Conference10.1145/3652892.3700786(467-480)Online publication date: 2-Dec-2024
  • (2024)sMVX: Multi-Variant Execution on Selected Code PathsProceedings of the 25th International Middleware Conference10.1145/3652892.3654794(62-73)Online publication date: 2-Dec-2024
  • (2024)Lightweight Fault Isolation: Practical, Efficient, and Secure Software SandboxingProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3620665.3640408(649-665)Online publication date: 27-Apr-2024
  • (2024)vKernel: Enhancing Container Isolation via Private Code and DataIEEE Transactions on Computers10.1109/TC.2024.338398873:7(1711-1723)Online publication date: Jul-2024
  • (2024)mShield: Protecting In-process Sensitive Data Against Vulnerable Third-Party LibrariesSecurity and Privacy in Communication Networks10.1007/978-3-031-64948-6_25(496-513)Online publication date: 13-Oct-2024
  • (2024)DScope: To Reliably and Securely Acquire Live Data from Kernel-Compromised ARM DevicesComputer Security – ESORICS 202310.1007/978-3-031-51482-1_14(271-289)Online publication date: 11-Jan-2024
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media