作者: Jesse Elwell , Ryan Riley , Nael Abu-Ghazaleh , Dmitry Ponomarev
DOI: 10.1109/HPCA.2014.6835931
关键词:
摘要: Protecting modern computer systems and complex software stacks against the growing range of possible attacks is becoming increasingly difficult. The architecture commodity allows attackers to subvert privileged system often using a single exploit. Once compromised, inclusive permissions used by current architectures operating easily allow compromised high-privileged layer perform arbitrary malicious activities, even on behalf other layers. This paper presents hardware-supported page permission scheme for physical pages that based concept non-inclusive sets memory different layers such as hypervisors, systems, user-level applications. Instead viewing privilege levels an ordered hierarchy with each successive level being more privileged, we view them distinct its own set permissions. Such mechanism, implemented part processor architecture, provides common framework defending recent attacks. We demonstrate protection can be achieved negligible performance overhead, low hardware complexity minimal changes OS hypervisor code.