libmpk: Software Abstraction for Intel Memory Protection Keys
Intel memory protection keys (MPK) is a new hardware feature to support thread-local permission control on groups of pages without requiring modification of page tables. Unfortunately, its current hardware implementation and software supports suffer from security, scalability, and semantic-gap problems: (1) MPK is vulnerable to protection-key-use-after-free and protection-key corruption; (2) MPK does not scale due to hardware limitations; and (3) MPK is not perfectly compatible with mprotect() because it does not support permission synchronization across threads. In this paper, we propose libmpk, a software abstraction for MPK. libmpk virtualizes protection keys to eliminate the protection-key-use-after-free and protection-key corruption problems while supporting a tremendous number of memory page groups. libmpk also prevents unauthorized writes to its metadata and supports inter-thread key synchronization. We apply libmpk to three real-world applications: OpenSSL, JavaScript JIT compiler, and Memcached for memory protection and isolation. An evaluation shows that libmpk introduces negligible performance overhead (<1 improves their performance by 8.1x over secure equivalents using mprotect(). The source code of libmpk will be publicly available and maintained as an open source project.
READ FULL TEXT