Efficient cloud computing relies on in-process isolation to optimize performance by running workloads within a single process. Without heavy-weight process isolation, memory safety errors pose a significant security threat by allowing an adversary to extract or corrupt the private data of other co-located tenants. Existing in-process isolation mechanisms are not suitable for modern cloud requirements, e.g., MPK's 16 protection domains are insufficient to isolate thousands of cloud workers per process. Consequently, cloud service providers have a strong need for lightweight in-process isolation on commodity x86 machines. This paper presents TME-Box, a novel isolation technique that enables fine-grained and scalable sandboxing on commodity x86 CPUs. By repurposing Intel TME-MK, which is intended for the encryption of virtual machines, TME-Box offers lightweight and efficient in-process isolation. TME-Box enforces that sandboxes use their designated encryption keys for memory interactions through compiler instrumentation. This cryptographic isolation enables fine-grained access control, from single cache lines to full pages, and supports flexible data relocation. In addition, the design of TME-Box allows the efficient isolation of up to 32K concurrent sandboxes. We present a performance-optimized TME-Box prototype, utilizing x86 segment-based addressing, that showcases geomean performance overheads of 5.2 % for data isolation and 9.7 % for code and data isolation, evaluated with the SPEC CPU2017 benchmark suite.
翻译:高效的云计算依赖于进程内隔离技术,通过在单一进程内运行工作负载以优化性能。若缺乏重量级的进程隔离机制,内存安全错误将带来严重的安全威胁,攻击者可能借此提取或破坏其他共置租户的私有数据。现有的进程内隔离机制难以满足现代云计算需求,例如MPK仅提供16个保护域,不足以隔离每个进程中数以千计的云工作线程。因此,云服务提供商亟需在商用x86机器上实现轻量级进程内隔离。本文提出TME-Box,一种创新的隔离技术,可在商用x86 CPU上实现细粒度且可扩展的沙箱隔离。通过重新利用原本为虚拟机加密设计的英特尔TME-MK技术,TME-Box提供了轻量高效的进程内隔离方案。该技术通过编译器插桩强制沙箱使用指定的加密密钥进行内存交互,这种加密隔离机制支持从单条缓存线到完整页面的细粒度访问控制,并允许灵活的数据重定位。此外,TME-Box的设计可高效隔离多达32K个并发沙箱。我们开发了基于x86分段寻址的性能优化原型,经SPEC CPU2017基准测试套件评估,其数据隔离的几何平均性能开销为5.2%,代码与数据联合隔离的开销为9.7%。