Explore fine-grained execution units with private memory in this IEEE Symposium on Security & Privacy presentation. Delve into the concept of "shreds," a set of OS-backed programming primitives designed to protect sensitive memory content against in-process adversaries. Learn how shreds offer in-process private memory without relying on separate page tables, nested paging, or modified hardware. Discover the implementation of shreds on Linux, including the compiler toolchain and OS module. Examine practical applications and performance evaluations using real-world software like OpenSSH and Lighttpd. Gain insights into system components, challenges, and solutions for implementing shreds, as well as runtime protections and compiler optimizations. Understand how this approach addresses developers' needs for fine-grained, convenient, and efficient memory protection, potentially revolutionizing software security practices.
Shreds - Fine-Grained Execution Units with Private Memory
Overview
Syllabus
Intro
Execution Units
In-process Memory Abuses
Potential Mitigations of in-Process Abuse
Introducing Shred
Example Use Case cont
Code Example-Lighttpd
Code Example cont.
System overview Two major components
System Component: S-driver
How S-pool is Built
Challenges & Solutions
S-pool Managements S-driver will
Moving the Domain Adjustments Off the Critical Path
Runtime Protections
System Component: S-compiler
Evaluation cont.
Conclusion
Taught by
IEEE Symposium on Security and Privacy
