2024

1. SEC 24

   RustSan: Retrofitting AddressSanitizer for Efficient Sanitization of Rust (to appear)

   Kyuwon Cho, Jongyoon Kim, Kha Dinh Duy, and Hojoon Lee

   In 33nd USENIX Security Symposium (USENIX Security 24), 2024

2023

1. CCS 23

   Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures

   Kha Dinh Duy, Kyuwon Cho, Taehyun Noh, and Hojoon Lee

   In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

   Distinguished Paper Award

   Abs Bib PDF Slides Website

   In-process compartmentalization and access control have been actively explored to provide in-place and efficient isolation of in-process security domains. Many works have proposed compartmentalization schemes that leverage hardware features, most notably using the new page-based memory isolation feature called Protection Keys for Userspace (PKU) on x86. Unfortunately, the modern ARM architecture does not have an equivalent feature. Instead, newer ARM architectures introduced Pointer Authentication (PA) and Memory Tagging Extension (MTE), adapting the reference validation model for memory safety and runtime exploit mitigation. We argue that those features have been underexplored in the context of compartmentalization and that they can be retrofitted to implement a capability-based in-process access control scheme.This paper presents Capacity, a novel hardware-assisted intra-process access control design that embraces capability-based security principles. Capacity coherently incorporates the new hardware security features on ARM that already exhibit inherent characteristics of capability. It supports the life-cycle protection of the domain’s sensitive objects - starting from their import from the file system to their place in memory. With intra-process domains authenticated with unique PA keys, Capacity transforms file descriptors and memory pointers into cryptographically-authenticated references and completely mediates reference usage with its program instrumentation framework and an efficient system call monitor. We evaluate our Capacity-enabled NGINX web server prototype and other common applications in which sensitive resources are isolated into different domains. Our evaluation shows that Capacity incurs a low-performance overhead of approximately 17% for the single-threaded and 13.54% for the multi-threaded webserver.

   @inproceedings{capacity,
     author = {Dinh Duy, Kha and Cho, Kyuwon and Noh, Taehyun and Lee, Hojoon},
     title = {Capacity: Cryptographically-Enforced In-Process Capabilities for
                Modern ARM Architectures},
     year = {2023},
     isbn = {9798400700507},
     publisher = {Association for Computing Machinery},
     address = {New York, NY, USA},
     url = {https://doi.org/10.1145/3576915.3623079},
     doi = {10.1145/3576915.3623079},
     booktitle = {Proceedings of the 2023 ACM SIGSAC Conference on Computer and
                    Communications Security},
     pages = {874–888},
     numpages = {15},
     keywords = {compartmentalization, pointer authentication, capabilities},
     location = {<conf-loc>, <city>Copenhagen</city>, <country>Denmark</country>,
                   </conf-loc>},
     series = {CCS '23},
   }

2. TCC

   SE-PIM: In-Memory Acceleration of Data-Intensive Confidential Computing

   Kha Dinh Duy, and Hojoon Lee

   IEEE Transactions on Cloud Computing, 2023

   PDF

2021

1. Access

   Confidential Machine Learning Computation in Untrusted Environments: A Systems Security Perspective

   Kha Dinh Duy, Taehyun Noh, Siwon Huh, and Hojoon Lee

   IEEE Access, 2021