Byte-granular memory mapping with CHERI and L4Re
Defense of the diploma thesis

On modern commodity systems, protection domain separation is limited by the paging system. This increases the attack surface of software components, as they often have to share more memory with a distrusted component than necessary. The objective of this work is to provide an alternative to copy-intensive or wasteful page-granular shared mappings while keeping protection domains small. The prototype demonstrates that CHERI's byte-granular memory protection can be used across different virtual address spaces by combining it with L4Re's capability system. This work describes the necessary design changes to the L4Re kernel and their implementation. Byte-granular mapping is integrated into an in-memory file system for evaluation. The evaluation shows the overhead that byte-granular mappings add to standard mapping operations.