高级检索

硬件辅助的进程内安全防护技术

Hardware-assisted intra-process protection technologies

  • 摘要: 随着软件生态高度模块化和第三方代码广泛集成,传统“进程内一切平等”的资源访问模型暴露出严重安全隐患。单纯依靠软件安全防护机制面临性能瓶颈、元数据易被篡改及兼容性差等固有局限,因此处理器硬件辅助的进程内安全防护机制成为一个重要的发展方向。文章综述了处理器硬件辅助的进程内安全防护技术。首先梳理了商业处理器中的现有硬件机制,包括NX位、CET、MPK、PAC和MTE等,指出它们的共性问题,如缺少可信基、标签空间受限、系统调用保护缺失等。随后,从指针级检查、隔离域保护、系统调用拦截和寄存器分区保护四个方向系统分析了学术界的最新研究进展和发展趋势,并总结了现有方案仍存在的不足。最后介绍了一种以代码片段为主体、支持动态权限域划分的系统性安全隔离方案DASICS。

     

    Abstract:   As software ecosystems become highly modular and third-party code is widely integrated, the traditional "all-equal" resource access model within a process has exposed severe security vulnerabilities. Relying solely on software-based security mechanisms faces inherent limitations, including performance bottlenecks, susceptibility to metadata tampering, and poor compatibility. Consequently, hardware-assisted security protection has emerged as an important development direction.
      This article surveys hardware-assisted intra-process protection technologies. It first reviews existing mechanisms in commercial processors, including NX bit, CET, MPK, PAC, and MTE, identifying common issues such as the lack of an in-process trusted base, limited tag space, and the absence of system call protection. Subsequently, it systematically analyzes the latest academic research progress and development trends from four directions: pointer-level checking, compartment-based protection, system call interception, and register partitioning, summarizing the shortcomings of existing solutions. Finally, it introduces DASICS, a systematic security isolation scheme based on code segments that supports dynamic permission domain partitioning.)

     

/

返回文章
返回