Facebook Awards $100K Prize For Code Isolation Using MPKs
Written by Kay Ewbank   
Thursday, 29 August 2019

A six-person team of data scientists has been awarded this year's $100K Internet Defense Prize by Facebook. The team developed a new hardware-enforced isolation technique for sensitive state and data using memory protection keys.

Facebook's Internet Defense Prize is awarded annually for research presented at the USENIX security conference that meaningfully makes the Internet more secure. Created in 2014, the award is funded by Facebook and offered in partnership with USENIX.

fb

To qualify for the prize, researchers need to provide a working prototype that demonstrates significant contributions to the security of the internet, particularly in the areas of prevention and defense. The direction of the research is more important than the progress to date, and the idea is the winners will use the award to take their prototype to the next level for something practical, accessible and high impact.

Previous award winners have included projects on third-party cookie policies, and the detection of Credential Spearphishing in enterprise settings.

This year's winners from the Max Planck Institute for Software Systems, Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O. Duarte, Michael Sammler, Peter Druschel, and Deepak Garg are researching secure, efficient In-process Isolation with Memory Protection Keys (MPKs). MPKs have recently been added to x86 CPUs to enable protection domain switches in userspace, with binary inspection to prevent circumvention.

prizewinners

 

The research is intended to provide an alternative way of isolating sensitive state and data. While this can already be carried out using page-based hardware isolation, it is only feasible when runtime references across isolation boundaries occur relatively infrequently. Applications such as the isolation of cryptographic session keys in network-facing services require very frequent domain switching. In such applications, the overhead of kernel- or hypervisor-mediated domain switching is prohibitive.

The researchers showed that their technique, called ERIM referring to Secure, Efficient In-process Isolation with Protection Keys (MKP), can be applied with little effort to new and existing applications, doesn't require compiler changes, can run on a stock Linux kernel, and has low runtime overhead even at high domain switching rates. The full paper is available as a PDF.

 

More Information

PDF Of Research Paper

Related Articles

GitHub Adds New Code Security Features

Double Rewards For Finding Bugs In Facebook Ads Code

Facebook Pays Out Record Reward

Pwn2Own Contest To Win A Tesla

Levchin Prize for Real-World Cryptography

Mayhem Wins DARPA Cyber Grand Challenge

Hack A Chromebook for $100,000

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, Facebook or Linkedin.

Banner


Meteoric Growth of Jakarta EE
30/06/2020

The results of the Eclipse Foundation's 2020 Jakarta EE Developer Survey shows significantly increased growth in the use of Jakarta EE 8 and interest in cloud-native Java overall.



Celebrate 25 Years of Java With JetBrains
03/07/2020

JetBrains is hosting a Java Technology Day on Friday July 10th with ten hour-long sessions from industry leaders. Register now to get instructions to join this virtual event which will be using GoToWe [ ... ]


More News

graphics

 



 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Thursday, 29 August 2019 )