高技术通讯2024,Vol.34Issue(1):33-45,13.DOI:10.3772/j.issn.1002-0470.2024.01.004
基于软硬件协同的细粒度安全域隔离机制
A fine-grained security domain isolation mechanism based on software and hardware cooperation
摘要
Abstract
Attacks based on memory tampering can maliciously modify key data in the program execution environment.Providing a safe and reliable execution environment for programs is an effective means of suppressing malware.In this paper,a solution based on software-hardware collaboration is proposed,which can provide a relatively isolated and secure execution environment for program execution with function calls as granularity.In order to cooperate with the software,two hardware supports are provided at the bottom layer.First,the load/store instruction must perform address check when accessing memory,and the access attribute is also set.Second,add function call iso-lation domain(CFID)on the hardware page table,which is checked for security isolation during TLB conversion.Sharing access strategies are provided in two different occasions.The prototype system on GEM5 is implemented,which can effectively isolate the non-secure environment by running the secure test set.Compared with virtual ma-chine and privilege level switching methods,the hardware implementation has almost no switching overhead.In the test set of SPEC CPU 2006,the overall performance loss of the hardware isolation mechanism proposed in this paper is only 3%.关键词
细粒度/隔离执行/硬件安全/软硬件协同Key words
fine-grained/isolation execution/hardware security/software and hardware cooperation引用本文复制引用
李亚伟,章隆兵,王剑..基于软硬件协同的细粒度安全域隔离机制[J].高技术通讯,2024,34(1):33-45,13.基金项目
①国家重点研发计划(2022YFB3105104)资助项目. (2022YFB3105104)
