Endokernel: A Thread Safe Monitor for Lightweight Subprocess Isolation

Authors: 

Fangfei Yang, Rice University; Bumjin Im, Amazon.com; Weijie Huang, Rice University; Kelly Kaoudis, Trail of Bits; Anjo Vahldiek-Oberwagner, Intel Labs; Chia-Che Tsai, Texas A&M University; Nathan Dautenhahn, Riverside Research

Abstract: 

Compartmentalization decomposes applications into isolated components, effectively confining the scope of potential security breaches. Recent approaches nest the protection monitor within processes for efficient memory isolation at the cost of security. However, these systems lack solutions for efficient multithreaded safety and neglect kernel semantics that can be abused to bypass the monitor.

The Endokernel is an intra-process security monitor that isolates memory at subprocess granularity. It ensures backwards-compatible and secure emulation of system interfaces, a task uniquely challenging due to the need to analyze OS and hardware semantics beyond mere interface usability. We introduce an inside-out methodology where we identify core OS primitives that allow bypass and map that back to the interfaces that depend on them. This approach led to the identification of several missing policies as well as aided in developing a fine-grained locking approach to deal with complex thread safety when inserting a monitor between the OS and the application. Results indicate that we can achieve fast isolation while greatly enhancing security and maintaining backwards-compatibility, and also showing a new method for systematically finding gaps in policies.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {299900,
author = {Fangfei Yang and Bumjin Im and Weijie Huang and Kelly Kaoudis and Anjo Vahldiek-Oberwagner and Chia-che Tsai and Nathan Dautenhahn},
title = {Endokernel: A Thread Safe Monitor for Lightweight Subprocess Isolation},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {145--162},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/yang-fangfei},
publisher = {USENIX Association},
month = aug
}

Presentation Video