IA 2: Intent-Capturing Annotations for Isolation and Assurance

Software and hardware flaws can be exploited to make programs perform unintended computations or leak sensitive data. We propose to counter these threats by isolating libraries and other program units inside a single process. The developer will insert source-level annotations that i) map code and data units to compartments and ii) capture how each compartment is intended to interact with others, iii) enumerate the privileges required by code in each compartment. We will develop a compartmentalization substrate that enforces the captured intents by i) limiting the control and data flows between compartments to those strictly necessary for the program to operate correctly, and ii) limiting privileges of untrusted compartments. We will use features added to modern processors to make switches between compartments more efficient than context switches between processes while providing comparable isolation and security properties.  We will ensure that the resulting technique will remain compatible with and complement existing defenses thus providing another layer of security that reduces the blast radius of as-of-yet undiscovered vulnerabilities. The technology we develop must be deployable, therefore we will aim for solutions that have negligible performance overheads, make few demands of developers, and remain fully compatible with most if not all existing code.