ARM架构下硬件辅助的内存隔离机制综述  

作　　者：许佳丽 武成岗[1,2] 王喆 XU Jiali;WU Chenggang;WANG Zhe(State Key Lab of Processors,Institute of Computing Technology,Chinese Academy of Sciences,Beijing 100190;University of Chinese Academy of Sciences,Beijing 100090)

机构地区：[1]处理器芯片全国重点实验室,中国科学院计算技术研究所,北京100190 [2]中国科学院大学,北京100090

出　　处：《高技术通讯》2024年第11期1127-1141,共15页Chinese High Technology Letters

基　　金：国家自然科学基金青年基金(61902374);国家自然科学基金联合重点基金(U1736208)资助项目。

摘　　要：内存隔离是一项缓解软件潜在安全危害、提高软件安全性和鲁棒性的重要防御机制。内存隔离机制保护不同组件中的敏感数据,强制敏感数据仅由组件信任的代码访问。虽然软件漏洞无法避免,但内存隔离机制可以在代码存在漏洞时依旧提供有效的敏感数据隔离保护,使得攻击者无法直接窃取或篡改被隔离的数据。出于性能考虑,依靠硬件辅助的内存隔离机制得到了广泛重视,该方向力求在提供有效安全保证的前提下,利用硬件大幅减少内存隔离机制给软件带来的额外开销。因此大量研究都着力于挖掘硬件潜力,从而支持高效、安全和完备的内存隔离机制。本文针对主流架构之一的ARM,系统性地总结了近年ARM架构硬件辅助的内存隔离机制的相关研究,并进一步归纳出它们的研究现状和适用场景。最后,针对现有硬件辅助内存隔离机制面临的安全现状和新场景,展望了该领域未来的发展方向。Memory isolation is an important defense mechanism used to mitigate potential security hazards and improve the security and robustness of software.The memory isolation mechanism protects data in different components and restricts the data to be accessed only by code trusted by the components.Although software vulnerabilities cannot be avoided,memory isolation can effectively isolate and protect sensitive data so that even if there are vulnerabilities in the code,attackers cannot directly steal or tamper with the isolated data.For performance reasons,hardware-assisted memory isolation mechanisms have been widely emphasized,aiming to effectively reduce the extra overhead of isolation mechanisms to software while providing the same security guarantees.Therefore,the research focuses on exploiting the potential of hardware to provide efficient,secure and complete support for memory isolation mechanisms.This paper systematically summarizes the research on hardware-assisted memory isolation mechanisms and the actual memory isolation mechanisms used in ARM architecture,and further summarizes their current research status and application scenarios.Finally,in view of the current security situation and new scenarios faced by the existing hardware-assisted memory isolation mechanisms,the conception of the future development trend in this field is proposed.

关 键 词：硬件辅助的内存隔离 ARM架构 域隔离 地址隔离 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]