Reference 1
Q&A
How to determine the size of an object?
How to store the bound info in MPX?
How to do bound checking?
How to choose the instrumentation point?
A map from instruction to the pointer it wants to access?
Reference 1
Overview
A module pass: class llmpx: public ModulePass
runOnModule(Module &)
Methods: mpxPass(Module &), harden_cfi(Module &), create_global_constants(Module &), collect_safe_access(Module &), transform_functions(Module &), transform_global(Module &)
References: Vahldiek-Oberwagner, Anjo, Eslam Elnikety, Nuno O. Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. "ERIM: Secure, efficient in-process isolation with protection keys (MPK)." In 28th USENIX Security Symposium (USENIX Security 19), pp. 1221-1238. 2019.
Background
Intel MPK: 4 permission bits in the page table entry; 16 disjoint domains.
PKRU: 32-bit register; 2 permission bits for each region.
11-260 cycles to update PKRU.
0.07 to 1.0% overhead per 100,000 switches/s on a 2.
If you could revise
the fundamental principles of
computer system design
to improve security...
... what would you change?