Please note: This PhD seminar will take place online.
Hossam ElAtali, PhD candidate
David R. Cheriton School of Computer Science
Supervisor: Professor N. Asokan
I present Program-Counter-Based Isolation (PBI), a novel hardware mechanism that enables efficient in-process isolation for protecting the confidentiality and integrity of sensitive data. PBI addresses the fundamental security vulnerability in permission-overlay systems by incorporating the program counter (PC) into access permission checks, so that domain transitions happen automatically without explicit permission-register updates. This eliminates the attack surface introduced by userspace-executable permission-modification instructions found in systems like Intel MPK and Arm POE.
I introduce three key contributions: (1) the core PBI mechanism, which removes the need for manual memory permission changes when transitioning between security domains and thereby reduces the code gadgets available to return-oriented programming attacks; (2) permission inheritance, which allows trusted library code to safely execute with the caller's permissions, enabling efficient code sharing across mutually distrusting protection domains; and (3) a complete implementation and evaluation demonstrating robust isolation without requiring binary scanning, instruction filtering, or other secondary protection mechanisms. Evaluation on SPEC CPU2017 benchmarks shows that PBI achieves its security goals with negligible performance overhead.