Saved in:
Bibliographic Details
Main Authors: Unterguggenberger, Martin, Lamster, Lukas, Schrammel, David, Schwarzl, Martin, Mangard, Stefan
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2407.10740
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908477295689728
author Unterguggenberger, Martin
Lamster, Lukas
Schrammel, David
Schwarzl, Martin
Mangard, Stefan
author_facet Unterguggenberger, Martin
Lamster, Lukas
Schrammel, David
Schwarzl, Martin
Mangard, Stefan
contents Efficient cloud computing relies on in-process isolation to optimize performance by running workloads within a single process. Without heavy-weight process isolation, memory safety errors pose a significant security threat by allowing an adversary to extract or corrupt the private data of other co-located tenants. Existing in-process isolation mechanisms are not suitable for modern cloud requirements, e.g., MPK's 16 protection domains are insufficient to isolate thousands of cloud workers per process. Consequently, cloud service providers have a strong need for lightweight in-process isolation on commodity x86 machines. This paper presents TME-Box, a novel isolation technique that enables fine-grained and scalable sandboxing on commodity x86 CPUs. By repurposing Intel TME-MK, which is intended for the encryption of virtual machines, TME-Box offers lightweight and efficient in-process isolation. TME-Box enforces that sandboxes use their designated encryption keys for memory interactions through compiler instrumentation. This cryptographic isolation enables fine-grained access control, from single cache lines to full pages, and supports flexible data relocation. In addition, the design of TME-Box allows the efficient isolation of up to 32K concurrent sandboxes. We present a performance-optimized TME-Box prototype, utilizing x86 segment-based addressing, that showcases geomean performance overheads of 5.2 % for data isolation and 9.7 % for code and data isolation, evaluated with the SPEC CPU2017 benchmark suite.
format Preprint
id arxiv_https___arxiv_org_abs_2407_10740
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle TME-Box: Scalable In-Process Isolation through Intel TME-MK Memory Encryption
Unterguggenberger, Martin
Lamster, Lukas
Schrammel, David
Schwarzl, Martin
Mangard, Stefan
Cryptography and Security
Efficient cloud computing relies on in-process isolation to optimize performance by running workloads within a single process. Without heavy-weight process isolation, memory safety errors pose a significant security threat by allowing an adversary to extract or corrupt the private data of other co-located tenants. Existing in-process isolation mechanisms are not suitable for modern cloud requirements, e.g., MPK's 16 protection domains are insufficient to isolate thousands of cloud workers per process. Consequently, cloud service providers have a strong need for lightweight in-process isolation on commodity x86 machines. This paper presents TME-Box, a novel isolation technique that enables fine-grained and scalable sandboxing on commodity x86 CPUs. By repurposing Intel TME-MK, which is intended for the encryption of virtual machines, TME-Box offers lightweight and efficient in-process isolation. TME-Box enforces that sandboxes use their designated encryption keys for memory interactions through compiler instrumentation. This cryptographic isolation enables fine-grained access control, from single cache lines to full pages, and supports flexible data relocation. In addition, the design of TME-Box allows the efficient isolation of up to 32K concurrent sandboxes. We present a performance-optimized TME-Box prototype, utilizing x86 segment-based addressing, that showcases geomean performance overheads of 5.2 % for data isolation and 9.7 % for code and data isolation, evaluated with the SPEC CPU2017 benchmark suite.
title TME-Box: Scalable In-Process Isolation through Intel TME-MK Memory Encryption
topic Cryptography and Security
url https://arxiv.org/abs/2407.10740