Project Overview
- Category: Memory-Safe & Secure Scalable Architecture
- Client/Sponsor: U.S. Government
- Release date: 05 April, 2024
- Access to a board: products@securemicro.com
Design Synopsis
The objective of the Big Global Address Space (BGAS) design is to develop an open-source, fast, and comprehensive software/hardware co-design infrastructure for running applications under the BGAS-Zeno architecture and for exploring safe and secure programming and system support techniques.
BGAS-Zeno Secure Computing Ecosystem
The BGAS-Zeno design spans the full stack from application benchmarking to runtimes, tools, the operating system (OS), and the simulation, emulation, and ASIC prototyping of the BGAS-Zeno CPU, with a particular focus on security, scalability/HPC, and portability.
Memory vulnerabilities remain a top issue for modern computing systems. Capability-based solutions aim to solve memory vulnerabilities at the hardware level by encoding access permissions with each memory reference, but so far little work has been done to apply a capability model to datacenter-scale systems. Shared memory across nodes presents a challenge for existing capability models, as capabilities must be valid and enforceable on multiple systems.
To address these challenges, we introduce BGAS-Zeno, a new capability-based architecture with a Namespace-based capability model that supports globally shareable capabilities in a multi-node system. A key advantage of the capability model is compatibility with existing code bases: capabilities can be implemented transparently to the programmer, i.e., without source-code changes. Capabilities leverage semantics already present in the source code to describe access permissions, but they require customized compilers to translate those semantics into their binary equivalent.
With this release, users have access to the BGAS-Zeno micro-architecture, the physical board design, the compilation techniques, the supporting operating system, and a suite of high-performance and memory safety benchmark applications for testing and validating the system. Release Manual [Link].
Memory Vulnerability Assessment Benchmark Suite
The benchmark suite covers four classes: spatial safety applications, temporal safety benchmarks, control flow hijack applications built on spatial/temporal safety attacks, and finally chaining benchmarks, where multiple memory safety attacks are chained for a higher-impact attack or to evade a defense mechanism. Benchmark applications include out-of-bounds read and write, use-after-free, double free, heap data manipulation exploitation, pointer dereference, and stack buffer overflow, among others, and cover both single- and multi-threaded implementations. Our academic partners' GitHub repository [Link].
BGAS-Zeno Capability Micro-Architecture
Zeno is a capability architecture. It uses an extended addressing model to attach access permissions to addresses or address blocks. A capability is a secure pointer that combines an address with an unforgeable access token enforced in hardware. In Zeno, capabilities are implemented as Namespaces, address space abstractions that can be shared across multi-node systems. In a 64-bit Zeno architecture, an extended address is 128 bits wide: 64 bits hold the actual address and the other 64 bits contain the access control information, i.e., the Namespace Metadata.
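As an added illustration (not BGAS-Zeno's own code, and not its actual metadata encoding), the following C model shows how an extended address of the kind described above, a 64-bit address paired with 64 bits of namespace metadata, can reject the spatial and temporal faults that the benchmark suite targets: an off-by-one out-of-bounds write, a write through a read-only view, and a use-after-free. The metadata field layout, the namespace liveness table that stands in for hardware revocation, and every function name are assumptions chosen for this example.

```c
/* Software model of a capability ("extended address"): a 64-bit address plus
 * 64 bits of namespace metadata. The layout below is hypothetical and is not
 * the BGAS-Zeno encoding. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical metadata layout (64 bits):
 *   bits  0..31  length of the addressable region in bytes
 *   bits 32..47  namespace identifier
 *   bits 48..49  permissions: bit 48 = read, bit 49 = write
 *   bit  63      validity tag; a cleared tag makes the capability unusable */
#define META_LEN_MASK 0xFFFFFFFFULL
#define META_NS_SHIFT 32
#define META_NS_MASK  0xFFFFULL
#define META_PERM_R   (1ULL << 48)
#define META_PERM_W   (1ULL << 49)
#define META_VALID    (1ULL << 63)

typedef struct {
    uint64_t addr;  /* base address of the region this capability grants */
    uint64_t meta;  /* namespace metadata: length, namespace id, perms, tag */
} capability_t;

/* Result codes returned by checked accesses. */
enum cap_status { CAP_OK = 0, CAP_ERR_TAG, CAP_ERR_BOUNDS, CAP_ERR_PERM, CAP_ERR_REVOKED };

/* Toy namespace table (assumption): an entry that is false has been freed, so
 * every capability still carrying that id is revoked. Real hardware would
 * enforce this across nodes; here it is a process-local array. */
#define MAX_NS 65536
static bool ns_live[MAX_NS];

static capability_t cap_make(uint64_t base, uint32_t len, uint16_t ns, uint64_t perms) {
    capability_t c;
    c.addr = base;
    c.meta = ((uint64_t)len & META_LEN_MASK) | ((uint64_t)ns << META_NS_SHIFT) | perms | META_VALID;
    ns_live[ns] = true;
    return c;
}

static uint16_t cap_ns(const capability_t *c)  { return (uint16_t)((c->meta >> META_NS_SHIFT) & META_NS_MASK); }
static uint32_t cap_len(const capability_t *c) { return (uint32_t)(c->meta & META_LEN_MASK); }

/* Every dereference passes through this check: tag, namespace liveness
 * (temporal safety), bounds (spatial safety), then permission. */
static enum cap_status cap_check(const capability_t *c, uint64_t offset, size_t n, uint64_t need) {
    if (!(c->meta & META_VALID)) return CAP_ERR_TAG;
    if (!ns_live[cap_ns(c)]) return CAP_ERR_REVOKED;
    if (offset > cap_len(c) || n > cap_len(c) - offset) return CAP_ERR_BOUNDS;
    if ((c->meta & need) != need) return CAP_ERR_PERM;
    return CAP_OK;
}

static enum cap_status cap_load8(const capability_t *c, uint64_t offset, uint8_t *out) {
    enum cap_status s = cap_check(c, offset, 1, META_PERM_R);
    if (s == CAP_OK) *out = *(const uint8_t *)(uintptr_t)(c->addr + offset);
    return s;
}

static enum cap_status cap_store8(const capability_t *c, uint64_t offset, uint8_t v) {
    enum cap_status s = cap_check(c, offset, 1, META_PERM_W);
    if (s == CAP_OK) *(uint8_t *)(uintptr_t)(c->addr + offset) = v;
    return s;
}

/* Modelled free: revoking the namespace invalidates every outstanding copy of
 * the capability, so a later use fails instead of touching freed memory. */
static void cap_free(capability_t *c) { ns_live[cap_ns(c)] = false; }

/* Walks a constructed 16-byte buffer through one valid access and three
 * faulty ones. Returns the number of faulty accesses correctly rejected
 * (3 when the checks work), or -1 if a valid access was wrongly refused. */
static int demo_rejections(void) {
    static uint8_t buf[16];
    capability_t c = cap_make((uint64_t)(uintptr_t)buf, (uint32_t)sizeof buf, 3, META_PERM_R | META_PERM_W);
    uint8_t v = 0;
    int rejected = 0;
    if (cap_store8(&c, 15, 0x41) != CAP_OK) return -1;            /* last byte: in bounds */
    if (cap_load8(&c, 15, &v) != CAP_OK || v != 0x41) return -1;
    if (cap_store8(&c, 16, 0x42) == CAP_ERR_BOUNDS) rejected++;   /* off-by-one overflow */
    capability_t ro = c;
    ro.meta &= ~META_PERM_W;                                       /* derived read-only view */
    if (cap_store8(&ro, 0, 0x43) == CAP_ERR_PERM) rejected++;
    cap_free(&c);
    if (cap_load8(&c, 0, &v) == CAP_ERR_REVOKED) rejected++;      /* use-after-free */
    return rejected;
}

int main(void) {
    printf("faulty accesses rejected: %d\n", demo_rejections());
    return 0;
}
```

The point of the model is the order of checks in cap_check: the tag and namespace liveness are tested before the address arithmetic, so a dangling capability whose bytes look perfectly well-formed is still refused, and a capability derived by clearing a permission bit can only lose rights, never gain them.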
Zeno-LLVM Capability Compiler
The Zeno-LLVM compiler transparently produces code that is aware of capabilities and maintains their integrity, without changes by the programmer. The Zeno assembler supports the custom Zeno instructions that implement secure memory operations. Results show that this capability-aware compilation toolchain moderately increases binary size compared to a non-Zeno compilation process; the minimal overhead of the additional capability management instructions is an acceptable trade-off for memory safety and security. Our academic partners' GitHub repository of an earlier version of the compiler [Link].
Zeno OS – Secure Capability-Aware Microkernel
The Zeno Microkernel design provides key security abstractions: composable process/thread/enclave identification (ID), namespace-aware process resource allocation, and inter-process communication (IPC). Its systematic isolation mechanism yields greater compartmentalization for security, along with greater stability and extensibility/scalability. Low-level kernel services, the process management subsystem, memory management, the filesystem architecture and management, inter-process communication, and device management and I/O drivers are all implemented to be capability-aware.