PTStore: Lightweight Architectural Support for Page Table Isolation

Bibliographic Details
Published in: 2023 60th ACM/IEEE Design Automation Conference (DAC), pp. 1 - 6
Main Authors: Tan, Wende; Chen, Yangyu; Li, Yuan; Liu, Ying; Wu, Jianping; Ding, Yu; Zhang, Chao
Format: Conference Proceeding
Language: English
Published: IEEE 09.07.2023
DOI: 10.1109/DAC56929.2023.10247657

Summary: Page tables are critical data structures in kernels, serving as the trust base of most mitigation solutions. Their integrity is thus crucial but is often taken for granted. Existing page table protection solutions usually provide insufficient security guarantees, require heavy hardware, or introduce high overheads. In this paper, we present a novel lightweight hardware-software co-design solution, PTStore, consisting of a secure region storing page tables and tokens verifying page table pointers. Evaluation results on FPGA-based prototypes show that PTStore only introduces <0.92% hardware overheads and <0.86% performance overheads, but provides strong security guarantees, showing that PTStore is efficient and effective.