Search papers, labs, and topics across Lattice.
This paper analyzes the Arm Permission Overlay Extension 2 (POE2), an advanced intra-process isolation mechanism that enhances the original POE by introducing new registers and tables to manage permissions based on spatial and temporal indices. The authors propose a universal programming model that simplifies the complexities of POE2, allowing developers to effectively implement security measures while minimizing the risk of programming errors. Key results indicate that POE2 offers stronger security guarantees compared to its predecessor, albeit at the cost of increased architectural complexity.
POE2's universal programming model transforms the daunting complexity of advanced memory protection into manageable abstractions, enhancing security without sacrificing usability.
Arm Permission Overlay Extension (POE) is an intra-process isolation mechanism based on memory protection keys. This mechanism partitions virtual memory into regions whose access permissions can be reconfigured without invoking higher exception levels. Because POE does not enforce privilege separation, POE-based protection domains are applicable only as a software fault-isolation technique. The POE2 is an isolation mechanism that substantially extends POE1. Dealing with memory protection keys, it also introduces new registers and tables that regulate the operations permitted for code executing within protection domains associated with different keys. A permission is determined by the spatial index of the executing code (i.e., the protection key associated with code), the spatial index of the accessed memory, the operation type, and a new attribute of the thread context: its temporal index. POE2 provides stronger security guarantees than POE1, but also introduces considerable architectural complexity. Effective permissions arise from the interaction of multiple hardware components, making direct programming non-trivial and prone to subtle errors. In the paper, we present a detailed analysis of POE2 and introduce a universal programming model with a strong security model for POE2-based systems. The model abstracts the complexity of spatial and temporal indices while enabling typical patterns of partitioned software constructed using intra-process isolation.