A Compiler for Transparent Namespace-Based Access Control for the Zeno Architecture

Jacob Abraham, Alan Ehret, Michel A. Kinsy

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

With memory safety and security issues continuing to plague modern systems, security is rapidly becoming a first class priority in new architectures and competes directly with performance and power efficiency. The capability-based architecture model provides a promising solution to many memory vulnerabilities by replacing plain addresses with capabilities, i.e., addresses and related metadata. A key advantage of the capability model is compatibility with existing code bases. Capabilities can be implemented transparently to a programmer, i.e., without source code changes. Capabilities leverage semantics in source code to describe access permissions but require customized compilers to translate the semantics to their binary equivalent.In this work, we introduce a complete capabilityaware compiler toolchain for such secure architectures. We illustrate the compiler construction with a RISC-V capability-based architecture, called Zeno. As a securityfocused, large-scale, global shared memory architecture, Zeno implements a Namespace-based capability model for accesses. Namespace IDs (NSID) are encoded with an extended addressing model to associate them with access permission metadata elsewhere in the system. The NSID extended addressing model requires custom compiler support to fully leverage the protections offered by Namespaces. The Zeno compiler produces code transparently to the programmer that is aware of Namespaces and maintains their integrity. The Zeno assembler enables custom Zeno instructions which support secure memory operations. Our results show that our custom toolchain moderately increases the binary size compared to nonZeno compilation. We find the minimal overhead incurred by the additional NSID management instructions to be an acceptable trade-off for the memory safety and security offered by Zeno Namespaces.

Original languageEnglish (US)
Title of host publicationProceedings - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1-10
Number of pages10
ISBN (Electronic)9781665485265
DOIs
StatePublished - 2022
Externally publishedYes
Event2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022 - Storrs, United States
Duration: Sep 26 2022Sep 27 2022

Publication series

NameProceedings - 2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022

Conference

Conference2022 IEEE International Symposium on Secure and Private Execution Environment Design, SEED 2022
Country/TerritoryUnited States
CityStorrs
Period9/26/229/27/22

Keywords

  • Capability
  • Compiler
  • Global Shared Memory Space
  • RISC-V
  • Security

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'A Compiler for Transparent Namespace-Based Access Control for the Zeno Architecture'. Together they form a unique fingerprint.

Cite this