IA 2: Intent-Capturing Annotations for Isolation and Assurance
Title: plarsen
Phone: (949) 293-7927
Email: perl@immunant.com
Contact: Natalie Tedford
Address:
Phone: (949) 824-8109
Type: Nonprofit College or University
Software and hardware flaws can be exploited to make programs perform unintended computations or leak sensitive data. We propose to counter these threats by isolating libraries and other program units inside a single process. The developer will insert source-level annotations that i) map code and data units to compartments, ii) capture how each compartment is intended to interact with others, and iii) enumerate the privileges required by the code in each compartment. We will develop a compartmentalization substrate that enforces the captured intents by i) limiting the control and data flows between compartments to those strictly necessary for the program to operate correctly, and ii) limiting the privileges of untrusted compartments. We will use features added to modern processors to make switches between compartments more efficient than context switches between processes while providing comparable isolation and security properties. We will ensure that the resulting technique remains compatible with, and complements, existing defenses, thus providing another layer of security that reduces the blast radius of as yet undiscovered vulnerabilities. The technology we develop must be deployable; we will therefore aim for solutions that have negligible performance overhead, make few demands of developers, and remain fully compatible with most if not all existing code.
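As an added illustration (not the proposal's own code or annotation syntax), the C model below expresses the two kinds of intent the abstract describes, intended cross-compartment control flow and per-compartment privileges, as constructed policy tables, then checks a recorded compartment-switch trace and a privileged call site against them. Compartment names, privilege flags and the sample traces are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed compartments, as a developer's annotations might map them. */
enum compartment { MAIN_APP, IMAGE_PARSER, NET_IO, NUM_COMPARTMENTS };

/* Constructed privilege flags a compartment may be annotated as needing. */
enum privilege { PRIV_FILE_READ = 1u << 0, PRIV_NETWORK = 1u << 1, PRIV_SPAWN = 1u << 2 };

/* Intended control flow: intended_call[from][to]. A return is modelled as
 * a transfer along the reverse edge. The parser is never meant to reach
 * network I/O directly, and network I/O never calls the parser. */
static const bool intended_call[NUM_COMPARTMENTS][NUM_COMPARTMENTS] = {
    /* MAIN_APP     */ { true, true,  true  },
    /* IMAGE_PARSER */ { true, true,  false },
    /* NET_IO       */ { true, false, true  },
};

/* Privileges enumerated per compartment; the parser is pure computation. */
static const uint32_t required_privs[NUM_COMPARTMENTS] = {
    PRIV_FILE_READ | PRIV_NETWORK, /* MAIN_APP */
    0,                             /* IMAGE_PARSER */
    PRIV_NETWORK,                  /* NET_IO */
};

/* Index of the first switch in `trace` that is not an intended edge, or -1
 * if every transition follows the annotations. trace[0] is the start. */
long first_disallowed_switch(const enum compartment *trace, size_t n) {
    for (size_t i = 1; i < n; i++) {
        if ((unsigned)trace[i] >= NUM_COMPARTMENTS ||
            !intended_call[trace[i - 1]][trace[i]])
            return (long)i;
    }
    return -1;
}

/* Check a sensitive call site against the privileges of its compartment. */
bool privilege_permitted(enum compartment c, enum privilege p) {
    return (unsigned)c < NUM_COMPARTMENTS && (required_privs[c] & p) != 0;
}

/* Constructed traces: a normal parse-then-send sequence, and one where the
 * parser compartment transfers straight into network I/O (e.g. through a
 * corrupted function pointer), which the substrate should refuse. */
long check_intended_trace(void) {
    static const enum compartment t[] = { MAIN_APP, IMAGE_PARSER, MAIN_APP, NET_IO, MAIN_APP };
    return first_disallowed_switch(t, sizeof t / sizeof t[0]);
}
long check_escaped_trace(void) {
    static const enum compartment t[] = { MAIN_APP, IMAGE_PARSER, NET_IO };
    return first_disallowed_switch(t, sizeof t / sizeof t[0]);
}
```

A real substrate would perform the same checks at compartment boundaries using processor features rather than a lookup loop, and would additionally confine data access, which this model omits.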
* Information listed above is at the time of submission. *