Micro-Policies: Formally Verified, Tag-Based Security Monitors

Recent advances in hardware design have demonstrated mechanisms allowing a wide range of low-level security policies (or micro-policies) to be expressed using rules on metadata tags. We propose a methodology for defining and reasoning about such tag-based reference monitors in terms of a high-level...

Full description

Saved in:
Bibliographic Details
Published in2015 IEEE Symposium on Security and Privacy pp. 813 - 830
Main Authors de Amorim, Arthur Azevedo, Denes, Maxime, Giannarakis, Nick, Hritcu, Catalin, Pierce, Benjamin C., Spector-Zabusky, Antal, Tolmach, Andrew
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.05.2015
Subjects
Concrete
Hardware
Monitoring
Registers
Safety
Transfer functions
Online AccessGet full text

Cover

More Information
Summary:Recent advances in hardware design have demonstrated mechanisms allowing a wide range of low-level security policies (or micro-policies) to be expressed using rules on metadata tags. We propose a methodology for defining and reasoning about such tag-based reference monitors in terms of a high-level "symbolic machine" and we use this methodology to define and formally verify micro-policies for dynamic sealing, compartmentalization, control-flow integrity, and memory safety, in addition, we show how to use the tagging mechanism to protect its own integrity. For each micro-policy, we prove by refinement that the symbolic machine instantiated with the policy's rules embodies a high-level specification characterizing a useful security property. Last, we show how the symbolic machine itself can be implemented in terms of a hardware rule cache and a software controller.
ISSN:1081-6011
2375-1207
DOI:10.1109/SP.2015.55