Hardware-Enforced Fine-Grained Isolation of Untrusted Code

Provided by: Association for Computing Machinery
Topic: Hardware
Format: PDF
The authors present a novel combination of hardware (architecture) and software (compiler) techniques to support the safe execution of untrusted code. While other efforts focus on isolating processes, their approach isolates code and data at a function (as in, C function) level, to enable fine-grained protection within a process as needed for downloaded plugins, libraries, and modifications of open-source projects. Their solution also enforces timing restrictions to detect denial of service from untrusted code, and supports protection of dynamically allocated memory.

Find By Topic