This course aims to teach learners about libmpk, a software abstraction for Intel Memory Protection Keys (MPK). The learning outcomes include understanding how libmpk virtualizes hardware protection keys to address security vulnerabilities and scalability issues of MPK. Students will also learn how libmpk can be applied to real-world applications for memory protection and isolation. The course covers topics such as the need for protecting critical memory regions, problems with existing solutions, implementation details of libmpk, and related work in the field. The teaching method involves presenting research findings, examples, and a discussion of performance improvements. This course is intended for individuals interested in software security, memory protection mechanisms, and system performance optimization.
Libmpk - Software Abstraction for Intel Memory Protection Keys
Overview
Syllabus
Intro
SECURITY CRITICAL MEMORY REGIONS NEED PROTECTION
EXAMPLE 1 - HEARTBLEED ATTACK
EXAMPLE 1. EXISTING SOLUTION TO PROTECT MEMORY Process separation
PROBLEMS OF EXISTING SOLUTIONS
OUTLINE
UNDERLINE IMPLEMENTATION
EXAMPLE - JIT PAGE WAX PROTECTION
ASYNCHRONOUS PERMISSION CHANGE - PROS
LATENCY - KEY VIRTUALIZATION
RELATED WORK
CONCLUSION
DISCUSSION Rogue data cache load (Meltdown)
Taught by
USENIX
