Policy Implementation And Engineering For Tagged Architectures

Degree type
Doctor of Philosophy (PhD)
Graduate group
Computer and Information Science
Computer security
Privilege Quantification
Stack protection
Tagged architectures
Computer Sciences
Roessler, Nicholas

Tagged architectures have seen renewed interest as a means to improve the security and reliability of computing systems. Rich, programmable tag-based hardware security monitors like the PUMP allow software-defined security policies to benefit from hardware acceleration. The thesis of this work is that policies for programmable tagged architectures (1) can be engineered to enforce critical security properties at low cost, (2) can protect real programs running on real ISAs, and (3) can be applied to programs automatically, that is, with compilation passes or automatic analysis, so that the benefits of such an architecture can be brought to existing and new software with minimal human intervention. To support this claim, I have constructed a range of security policies that run automatically on real workloads, modeled their overheads using architectural simulations, explored tradeoffs in policy design and engineering to reduce their costs, and finally characterized them by their security properties. As exemplar policies, I have created stack and heap memory protection policies that can thwart traditional memory corruption vulnerabilities. Additionally, I have built a compartmentalization framework that allows a security engineer to automatically generate and evaluate a wide range of tag-based compartmentalization strategies. To generate compartments automatically, the framework includes algorithms for quantitatively minimizing overprivilege and for packing the rules required by those policies into manageable sets that can be cached favorably for high performance.
Across these three categories of policies (stack, heap, and compartmentalization), I present the following policy engineering contributions: (1) lazy tagging, an optimization that reduces the cost of tagging memory objects; (2) rule packing, a technique for relaxing policies in key ways to improve their performance; and (3) rule prefetching, a technique that exploits predictable rule sequences by fetching and installing rules before they are needed.
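The abstract describes the mechanism that makes policies on a PUMP-style machine cheap: each instruction's tag inputs are looked up in a hardware rule cache, and only a miss falls back to the software policy, whose decision is then installed as a rule. The simulator below is an added illustration (not code from the dissertation or from the PUMP project) that models that loop with a deliberately simplified stack policy of my own design: stack words carry the call depth of the frame that wrote them, return-address words get a distinct tag that only CALL writes and only the matching RET consumes, and words left behind by returned frames are reclaimed on overwrite instead of being scrubbed on return (the operation names, tag encodings and addresses are all constructed for the example). It shows a classic buffer overrun into a saved return address being stopped, a callee write into the caller's locals being stopped, normal call and return succeeding, and how the rule cache absorbs repeated work.

```python
"""Toy PUMP-style tag-policy simulator (added illustration, not the thesis code).

Every instruction presents (op, PC tag, memory-word tag) to a rule cache. On a
miss the software policy decides allow/deny and the output tags, and the rule
is installed so identical cases later resolve without software.
"""
from dataclasses import dataclass, field
from typing import Callable, Tuple

Tag = Tuple
FREE: Tag = ("FREE",)  # never-written stack word (constructed tag encoding)


class PolicyViolation(Exception):
    """No rule permits this (op, PC tag, memory tag) combination."""


def stack_policy(op: str, pc_tag: Tag, mem_tag: Tag) -> Tuple[Tag, Tag]:
    """Software miss handler: returns (new PC tag, new tag for the memory word).

    Tags (constructed for this model):
      PC tag   ("FRAME", d)  d = current call depth
      mem tag  ("STACK", d)  local data written by the frame at depth d
               ("RA", d)     return address pushed by the CALL that opened depth d
               ("FREE",)     never written
    A word owned by a depth greater than the current one belongs to a frame
    that has already returned: it is stale and may be overwritten (lazy
    clearing, instead of scrubbing every word on RET).
    """
    depth = pc_tag[1]
    kind, owner = mem_tag[0], (mem_tag[1] if len(mem_tag) > 1 else None)
    writable = kind == "FREE" or owner > depth or (kind == "STACK" and owner == depth)
    if op == "STORE" and writable:
        return pc_tag, ("STACK", depth)
    if op == "LOAD" and not (kind == "RA" and owner <= depth):  # never read a live RA
        return pc_tag, mem_tag
    if op == "CALL" and writable:
        return ("FRAME", depth + 1), ("RA", depth + 1)
    if op == "RET" and mem_tag == ("RA", depth):  # only the matching frame may return
        return ("FRAME", depth - 1), mem_tag        # tag left in place; now stale
    raise PolicyViolation(f"{op} from depth {depth} into {mem_tag}")


@dataclass
class Machine:
    policy: Callable[[str, Tag, Tag], Tuple[Tag, Tag]]
    mem: dict = field(default_factory=dict)    # addr -> [value, tag]
    pc_tag: Tag = ("FRAME", 0)
    cache: dict = field(default_factory=dict)  # rule cache: inputs -> outputs
    hits: int = 0
    misses: int = 0

    def _rule(self, op: str, mem_tag: Tag) -> Tuple[Tag, Tag]:
        key = (op, self.pc_tag, mem_tag)
        if key in self.cache:
            self.hits += 1
            return self.cache[key]
        self.misses += 1
        out = self.policy(op, self.pc_tag, mem_tag)  # a denial raises; nothing is installed
        self.cache[key] = out
        return out

    def _exec(self, op: str, addr: int, value=None) -> int:
        word = self.mem.setdefault(addr, [0, FREE])
        self.pc_tag, word[1] = self._rule(op, word[1])
        if value is not None:
            word[0] = value
        return word[0]

    def store(self, addr, value): self._exec("STORE", addr, value)
    def load(self, addr): return self._exec("LOAD", addr)
    def call(self, ra_slot, ret_addr): self._exec("CALL", ra_slot, ret_addr)
    def ret(self, ra_slot): return self._exec("RET", ra_slot)


def violation(fn) -> str:
    """Run fn; return the policy's denial message, or '' if everything was allowed."""
    try:
        fn()
    except PolicyViolation as e:
        return str(e)
    return ""


def overflow_demo() -> str:
    """Callee overruns a 9-word local buffer into the caller's saved return address."""
    m = Machine(stack_policy)
    m.call(99, 0x4000)  # push RA into slot 99, enter depth 1

    def overrun():
        for a in range(90, 100):  # 90..98 is the buffer; 99 is the RA slot
            m.store(a, 0x41)
    return violation(overrun)


def caller_local_demo() -> str:
    """Callee tries to write a local that belongs to its caller's frame."""
    m = Machine(stack_policy)
    m.store(100, 7)  # caller's local at depth 0
    m.call(99, 0x4000)
    return violation(lambda: m.store(100, 0x41))


def legit_demo():
    """Normal call/return, then the caller reuses a stale, unscrubbed word."""
    m = Machine(stack_policy)
    m.call(99, 0x4000)
    m.store(98, 7)
    target = m.ret(99)
    m.store(98, 8)  # slot 98 still tagged ("STACK", 1): stale, so reclaimed at depth 0
    return target, m.mem[98][1], m.pc_tag


def cache_demo(iterations: int = 1000):
    """Same call/store/load/ret loop repeated: rules miss only until installed."""
    m = Machine(stack_policy)
    for i in range(iterations):
        m.call(99, 0x4000)
        m.store(98, i)
        m.load(98)
        m.ret(99)
    return m.misses, m.hits


if __name__ == "__main__":
    print("overflow:", overflow_demo())
    print("caller local:", caller_local_demo())
    print("legit:", legit_demo())
    print("cache (misses, hits):", cache_demo())
```

Two things worth noticing. First, the denial is raised by the miss handler before any rule is installed, so a rejected combination never reaches the cache. Second, because the frame depth is part of every tag, each new depth produces fresh rules; in the loop above only six lookups miss out of four thousand, but a program with deep or irregular call patterns would thrash the cache, which is the cost that optimizations such as rule packing and prefetching target.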

André M. DeHon
Jonathan M. Smith