A Machine Learning-Assisted Compartmentalization Scheme for Bare-Metal Systems

Dongdong Huo, Chao Liu, Xiao Wang, Mingxuan Li, Yu Wang, Yazhe Wang, Peng Liu, Zhen Xu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

A primary concern in creating compartments (i.e., protection domains) for bare-metal systems is to adopt the applicable compartmentalization policy. Existing studies have proposed several typical policies in literature. However, neither of the policies consider the influence of unsafe functions on the compartment security that a vulnerable function would expose unpredictable attack surfaces, which could be exploited to manipulate any contents that are stored in the same compartment. In this paper, we design a machine learning-assisted compartmentalization scheme, which adopts a new policy that takes every function’s security into full account, to create compartments for bare-metal systems. First, the scheme takes advantage of the machine learning method to predict how likely a function holds an exploitable security bug. Second, the prediction results are used to create a new instrumented firmware that isolates vulnerable and normal functions into different compartments. Further, the scheme provides some optional optimization plans to the developer to improve the performance. The PoC of the scheme is incorporated into an LLVM-based compiler and evaluated on a Cortex-M based IoT device. Compared with the firmware adopting other typical policies, the firmware with the new policy not only shows better security but also assures the overhead basically unchanged.

Original languageEnglish (US)
Title of host publicationInformation and Communications Security - 22nd International Conference, ICICS 2020, Proceedings
EditorsWeizhi Meng, Dieter Gollmann, Christian D. Jensen, Jianying Zhou
PublisherSpringer Science and Business Media Deutschland GmbH
Pages20-35
Number of pages16
ISBN (Print)9783030610777
DOIs
StatePublished - 2020
Event22nd International Conference on Information and Communications Security, ICICS 2020 - Copenhagen, Denmark
Duration: Aug 24 2020Aug 26 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12282 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference22nd International Conference on Information and Communications Security, ICICS 2020
CountryDenmark
CityCopenhagen
Period8/24/208/26/20

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'A Machine Learning-Assisted Compartmentalization Scheme for Bare-Metal Systems'. Together they form a unique fingerprint.

Cite this