This technical paper, titled “Jenny: Securing Syscalls for PKU-based Memory Isolation Systems,” was presented by researchers from Graz University of Technology (Austria) at the August 2022 USENIX Security Symposium in Boston.
“Effective system call filtering is a key component to countering the many exploits and elevation of privilege attacks we face today. For example, modern browsers use sandboxing techniques with system call filtering to isolate critical code. Cloud computing makes heavy use of containers that virtualize the system call interface. Recently, cloud providers are moving to containers in the process for performance reasons and demand for better isolation. A new isolation element that can bridge this gap is called Protection Keys for Userspace (PKU). Unfortunately, previous studies have highlighted serious shortcomings in how PKU-based systems manage system calls and question their safety and practicality.
In this thesis, we comprehensively investigate system call filtering for PKU-based memory isolation systems. First, we identify new attacks based on system calls that can damage the PKU sandbox. Second, we derive the system call filtering rules needed to protect PKU domains and show efficient ways to implement them. Third, we perform a comparative study of different syscall activation techniques in terms of their suitability for PKU, allowing us to design a secure syscall activation technique that is both fast and flexible.
We are designing and prototyping Jenny, a PKU-based memory isolation system that provides powerful user-space system call filtering capabilities. Jenny supports various interpolation methods (such as seccomp and ptrace) and allows nested domain-specific filtering of system calls. In addition, it handles asynchronous signals safely. Our estimate shows a negligible performance impact of 0-5% for nginx.”
You can find the technical article here (prior to publication).
David Schrammel, Samuel Weiser, Richard Sadek, and Stefan Mangard, Graz University of Technology
Chip backdoors: a threat assessment
Steps are being taken to minimize the problems, but implementation will take years.
Security risks increase with commercial ICs
Selecting components from a menu of different suppliers promises to reduce cost and time to market, but it’s not as easy as it sounds.
Chip replacement raises security concerns
Many unknowns will remain in various market segments for decades.
Standardization of chiplet compounds
Why UCIe is so important for heterogeneous integration.
Other security-related technical documents