Welcome to the Secure Rewind and Discard Project Website! You can find three published papers and their artifact code here.

-> Rewind & Discard: Improving Software Resilience using Isolated Domains

-> Exploring the Environmental Benefits of In-Process Isolation for Software Resilience

-> Friend or Foe Inside? Exploring In-Process Isolation to Maintain Memory Safety for Unsafe Rust

-> Secure Rewind and Discard on Arm Morello


Publications


Rewind & Discard: Improving Software Resilience using Isolated Domains (2023)

Merve Gülmez, Thomas Nyman, Christoph Baumann, Jan Tobias Mühlberg

DOI: 10.1109/DSN58367.2023.00046 (accepted at IEEE DSN’23)

Extended Version: arXiv:1905.10242 [cs.CR]

Abstract

Well-known defenses exist to detect and mitigate common faults and memory safety vulnerabilities in software. Yet, many of these mitigations do not address the challenge of software resilience and availability, i.e., whether a system can continue to carry out its function and remain responsive while under attack and subjected to malicious inputs. We propose secure rewind and discard of isolated domains as an efficient and secure method of improving the resilience of software that is targeted by run-time attacks. In contrast to established approaches, we rely on compartmentalization instead of replication and checkpointing. We show the practicability of our methodology by realizing a software library for Secure Domain Rewind and Discard (SDRaD) and demonstrate how SDRaD can be applied to real-world software.

@inproceedings{Gulmez23a,
  author = {Gülmez, Merve and Nyman, Thomas and Baumann, Christoph and
            Mühlberg, Jan Tobias},
  title = {Rewind \& Discard: Improving Software Resilience Using Isolated Domains},
  booktitle = {Proceedings of 53rd Annual IEEE/IFIP International Conference on
               Dependable Systems and Networks},
  series = {DSN '23},
  month = {jun},
  year = {2023},
  pages = {402--416},
  issn = {2158-3927},
  url = {http://doi.org/10.1109/DSN58367.2023.00046},
  doi = {10.1109/DSN58367.2023.00046},
  location = {Porto, Portugal},
  publisher = {IEEE Computer Society},
  address = {Washington, DC, USA},
}

@misc{Gulmez22,
  author = {Gülmez, Merve and Nyman, Thomas and Baumann, Christoph and
            Mühlberg, Jan Tobias},
  title = {Unlimited Lives: Secure In-Process Rollback with Isolated Domains},
  year = {2022},
  doi = {10.48550/ARXIV.2205.03205},
  howpublished = {\tt arXiv:2205.03205 [cs.CR]},
  url = {https://arxiv.org/abs/2205.03205},
}

Source Code

Source code for the SDRaD implementation is available at EricssonResearch / secure-rewind-and-discard

Exploring the Environmental Benefits of In-Process Isolation for Software Resilience (2023)

Merve Gülmez, Thomas Nyman, Christoph Baumann, Jan Tobias Mühlberg

DOI: 10.1109/DSN-S58398.2023.00056 (accepted at IEEE DSN’23)

arXiv:2306.02131 [cs.CR]

Abstract

Memory-related errors remain an important cause of software vulnerabilities. While mitigation techniques such as using memory-safe languages are promising solutions, these do not address software resilience and availability. In this paper, we propose a solution to build resilience against memory attacks into software, which contributes to environmental sustainability and security.

@inproceedings{Gulmez23b,
  author = {Gülmez, Merve and Nyman, Thomas and Baumann, Christoph and
            Mühlberg, Jan Tobias},
  title = {Exploring the Environmental Benefits of In-Process Isolation for
           Software Resilience},
  booktitle = {Proceedings of 53rd Annual IEEE/IFIP International Conference on
               Dependable Systems and Networks - Supplemental Volume (DSN-S)},
  series = {DSN '23},
  month = {jun},
  year = {2023},
  pages = {203--205},
  issn = {2833-292X/23},
  url = {http://doi.org/10.1109/DSN-S58398.2023.00056},
  doi = {10.1109/DSN-S58398.2023.00056},
  location = {Porto, Portugal},
  publisher = {IEEE Computer Society},
  address = {Washington, DC, USA},
}

@misc{Gulmez23c,
  author = {Gülmez, Merve and Nyman, Thomas and Baumann, Christoph and
            Mühlberg, Jan Tobias},
  title = {Exploring the Environmental Benefits of In-Process Isolation for
           Software Resilience},
  year = {2023},
  doi = {10.48550/ARXIV.2306.02131},
  howpublished = {\tt arXiv:2306.02131 [cs.CR]},
  url = {https://arxiv.org/abs/2306.02131},
}

Friend or Foe Inside? Exploring In-Process Isolation to Maintain Memory Safety for Unsafe Rust (2023)

Merve Gülmez, Thomas Nyman, Christoph Baumann, Jan Tobias Mühlberg

DOI: 10.1109/SecDev56634.2023.00020 (accepted at IEEE SecDev’23)

Extended Version: arXiv:2306.08127 [cs.CR]

Abstract

Rust is a popular memory-safe systems programming language. In order to interact with hardware or call into non-Rust libraries, Rust provides unsafe language features that shift responsibility for ensuring memory safety to the developer. Failing to do so may lead to memory safety violations in unsafe code, which can violate the safety of the entire application. In this work we explore in-process isolation with Memory Protection Keys as a mechanism to shield safe program sections from safety violations that may happen in unsafe sections. Our approach is easy to use and comprehensive, as it prevents both heap- and stack-based violations. We further compare process-based and in-process isolation mechanisms and the necessary requirements for data serialization, communication, and context switching. Our results show that in-process isolation can be effective and efficient, permits a high degree of automation, and also enables a notion of application rewinding where the safe program section may detect and safely handle violations in unsafe code.


@inproceedings{Gulmez23d,
  author = {Gülmez, Merve and Nyman, Thomas and Baumann, Christoph and
            Mühlberg, Jan Tobias},
  title = {Friend or Foe Inside? Exploring In-Process Isolation to Maintain
           Memory Safety for Unsafe Rust},
  booktitle = {2023 IEEE Secure Development Conference (SecDev)},
  year = {2023},
  pages = {54--66},
  doi = {10.1109/SecDev56634.2023.00020},
}


@misc{Gulmez23e,
  author = {Gülmez, Merve and Nyman, Thomas and Baumann, Christoph and
            Mühlberg, Jan Tobias},
  title = {Friend or Foe Inside? Exploring In-Process Isolation to
           Maintain Memory Safety for Unsafe Rust},
  year = {2023},
  doi = {10.48550/ARXIV.2306.08127},
  howpublished = {\tt arXiv:2306.08127 [cs.CR]},
  url = {https://arxiv.org/abs/2306.08127},
}

Source Code

Source code for the sdradrustffi implementation is available at secure-rewind-and-discard

Secure Rewind and Discard on Arm Morello

Sacha Ruchlejmer

Abstract

Memory-unsafe programming languages such as C and C++ are the preferred languages for systems programming, embedded systems, and performance-critical applications. The widespread use of these languages makes the risk of memory-related attacks very high. There are well-known detection mechanisms, but they do not address software resilience. An earlier approach proposes Secure Domain Rewind and Discard (SDRaD) of isolated domains as a method to enhance the resilience of software targeted by runtime attacks on the x86 architecture, based on hardware-enforced Memory Protection Keys (MPK). In this work, SDRaD has been adapted to work with the Capability Hardware Enhanced RISC Instructions (CHERI) architecture to be more lightweight and performant. The results obtained in this thesis show that CHERI-SDRaD, the prototype adaptation that leverages the memory-safety properties inherent to the CHERI architecture, results in a solution with less performance degradation (2.2% in Nginx benchmarks) compared to earlier results obtained with the original SDRaD prototype on an Intel-based architecture. The adaptation to CHERI additionally allowed limitations inherent to the MPK-based approach to be resolved.


@mastersthesis{Ruchlejmer24,
  author = {Sacha Ruchlejmer},
  title = {Secure Rewind and Discard on Arm Morello},
  year = {2024},
  month = {July},
  school = {Phelma, School of engineering in Physics, Applied Physics, Electronics \& Materials Science},
  address = {Grenoble, France},
  type = {Master's thesis},
}