28479

Efficiency without Tears: Securing Multilingual Programs with TRINITY

Hao Zhu, Baojian Hua, Xinrong Lin, Yufei Wu
School of Software Engineering, University of Science and Technology of China
University of Science and Technology of China, 2023

@article{zhu2023efficiency,

   title={Efficiency without Tears: Securing Multilingual Programs with TRINITY},

   author={Zhu, Hao and Hua, Baojian and Lin, Xinrong and Wu, Yufei},

   year={2023}

}

Download Download (PDF)   View View   Source Source   

448

views

Despite the fact that most real-world programs are developed in multiple languages in the era of data science, existing security techniques are still limited to single-language programs. Worse yet, languages designed for high-performance computing often ignore the necessary security checking in foreign function interfaces (FFI) to pursue supreme execution efficiency. In consequence, security flaws and vulnerabilities in these systems might cause security issues, defeating their efficiency benefits. In this paper, we present TRINITY, the first holistic infrastructure designed to effectively and efficiently secure the FFIs of multilingual programs in high-performance computing scenarios. TRINITY consists of two key components: 1) a privilege separation by memory isolation to protect memory; and 2) a pointer sanitizer to sanitize memory accesses by unsafe code. The privilege separation is based on the latest Intel MPK hardware primitives, and the pointer sanitization is based on an indirection table data structure managed in host language memory, storing important meta information about host data. We have designed and implemented a prototype of TRINITY for Julia-C multilingual programs and carried out extensive experiments to evaluate its effectiveness, performance, and usefulness on microbenchmarks and real-world applications from diverse yet representative domains, including heterogeneous computing, web servers, databases, and machine learning. The experimental results demonstrate that TRINITY effectively safeguards memory access from unsafe guest code with low overheads: 4.7% for OpenCL, 6.4% for JuliaDB, and 2.17% for Knet, respectively.
No votes yet.
Please wait...

* * *

* * *

HGPU group © 2010-2024 hgpu.org

All rights belong to the respective authors

Contact us: