Leveraging hardware isolation for process level access control & authentication

3Citations
Citations of this article
7Readers
Mendeley users who have this article in their library.

Abstract

Critical resource sharing among multiple entities in a processing system is inevitable, which in turn calls for the presence of appropriate authentication and access control mechanisms. Generally speaking, these mechanisms are implemented via trusted software "policy checkers" that enforce certain high level application-specific "rules" to enforce a policy. Whether implemented as operating system modules or embedded inside the application ad hoc, these policy checkers expose additional attack surface in addition to the application logic. In order to protect application software from an adversary, modern secure processing platforms, such as Intel's software Guard Extensions (SGX), employ principled hardware isolation to offer secure software containers or enclaves to execute trusted sensitive code with some integrity and privacy guarantees against a privileged software adversary. We extend this model further and propose using these hardware isolation mechanisms to shield the authentication and access control logic essential to policy checker software. While relying on the fundamental features of modern secure processors, our framework introduces productive software design guidelines which enable a guarded environment to execute sensitive policy checking code - hence enforcing application control flow integrity - and afford flexibility to the application designer to construct appropriate high-level policies to customize policy checker software.

Cite

CITATION STYLE

APA

Haider, S. K., Omar, H., Lebedev, I., Devadas, S., & Van Dijk, M. (2017). Leveraging hardware isolation for process level access control & authentication. In Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT (Vol. Part F128644, pp. 133–141). Association for Computing Machinery. https://doi.org/10.1145/3078861.3078882

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free