Visible to the public Leveraging Hardware Isolation for Process Level Access Control & Authentication

TitleLeveraging Hardware Isolation for Process Level Access Control & Authentication
Publication TypeConference Paper
Year of Publication2017
AuthorsHaider, Syed Kamran, Omar, Hamza, Lebedev, Ilia, Devadas, Srinivas, van Dijk, Marten
Conference NameProceedings of the 22Nd ACM on Symposium on Access Control Models and Technologies
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4702-0
Keywordscomposability, hardware isolation, program authentication, pubcrawl, Resiliency, secure processors, trusted platform modules
Abstract

Critical resource sharing among multiple entities in a processing system is inevitable, which in turn calls for the presence of appropriate authentication and access control mechanisms. Generally speaking, these mechanisms are implemented via trusted software "policy checkers" that enforce certain high level application-specific "rules" to enforce a policy. Whether implemented as operating system modules or embedded inside the application ad hoc, these policy checkers expose additional attack surface in addition to the application logic. In order to protect application software from an adversary, modern secure processing platforms, such as Intel's Software Guard Extensions (SGX), employ principled hardware isolation to offer secure software containers or enclaves to execute trusted sensitive code with some integrity and privacy guarantees against a privileged software adversary. We extend this model further and propose using these hardware isolation mechanisms to shield the authentication and access control logic essential to policy checker software. While relying on the fundamental features of modern secure processors, our framework introduces productive software design guidelines which enable a guarded environment to execute sensitive policy checking code - hence enforcing application control flow integrity - and afford flexibility to the application designer to construct appropriate high-level policies to customize policy checker software.

URLhttps://dl.acm.org/citation.cfm?doid=3078861.3078882
DOI10.1145/3078861.3078882
Citation Keyhaider_leveraging_2017