
Donky: Domain Keys – Efficient In-Process Isolation for RISC-V and x86

This repository contains the source code for the paper Donky: Domain Keys – Efficient In-Process Isolation for RISC-V and x86.

Donky is an efficient hardware-software co-design for strong in-process isolation based on dynamic memory protection domains. The two main components are a secure software framework and a non-intrusive hardware extension.

Disclaimer: The provided code is only a proof-of-concept. Use at your own risk. Note that the license only applies to DonkyLib, since the included submodules have separate licenses.

Directory structure:

  • DonkyLib: Contains the entire userspace library (Donky Monitor, API, self-tests).
  • syscall_hook: Contains the Linux module required for x86 syscall filtering.
  • sample_xml: Sample application using Donky to isolate xml parsing library TinyXML2.
  • cva6: Hardware code for the modified Ariane/CVA6 RISC-V processor.
  • ariane-sdk: Contains the tools for cross-compiling to RISC-V and running our library within the ISA simulator.

Getting Started

This repository can be cloned using the following commands:

git clone [email protected]:IAIK/Donky.git
cd Donky
git submodule update --init --recursive

Requirements

We have tested DonkyLib on Ubuntu 20.04 using the following packages:

sudo apt install build-essential clang autoconf automake autotools-dev curl libmpc-dev libmpfr-dev libgmp-dev libusb-1.0-0-dev gawk build-essential bison flex texinfo gperf libtool patchutils bc zlib1g-dev device-tree-compiler pkg-config libexpat-dev python unzip

Furthermore, the following commands need to be executed in order to compile Donky for RISC-V.

mkdir toolchain
export RISCV=$(realpath toolchain)
export PATH=$PATH:$RISCV/bin
export SDKBASE=$(realpath ariane-sdk)/

Building and running DonkyLib

Compile and run DonkyLib on x86 CPUs without MPK (this simulates memory protection keys in software; it gives no security guarantees, and the isolation tests are disabled):

make -C DonkyLib PLATFORM=x86_64 RELEASE=1 TIMING=1 SIM=pk clean run

Compile and run DonkyLib on x86 CPUs with MPK:

make -C DonkyLib PLATFORM=x86_64 RELEASE=1 TIMING=1 clean run

The make flag TIMING=1 also runs the integrated microbenchmarks; omit it to run only the self-tests. Omitting RELEASE=1 is also possible but not recommended, since the debug build prints a lot of output. TIMING=1 should only be used in conjunction with RELEASE=1.

RISC-V

DonkyLib can also be compiled for RISC-V (by setting PLATFORM=riscv), but it requires the RISC-V compiler toolchain (in ariane-sdk), which takes a very long time to compile. This includes compiling RISC-V compilers, simulators, libc, Linux, and other dependencies. Building this will take several hours.

To build the RISC-V toolchain, run:

make -C ${SDKBASE} all

To run DonkyLib with the Proxykernel (not Linux) in the RISC-V ISA simulator, run:

make -C DonkyLib PLATFORM=riscv RELEASE=1 TIMING=1 SIM=pk clean run

The same can also be done using the real Linux kernel, but this will take a very long time to compile since it needs to download and build the Linux kernel:

make -C DonkyLib PLATFORM=riscv RELEASE=1 TIMING=1 clean run

Once Linux is booted in the simulator, you can use ./x.elf to run the binary.

DonkyLib source code

Donky's source code can be found in the directory DonkyLib. It is split into two parts: the trusted library resides in pk, while the untrusted code lies in user. Each of these also has an arch subdirectory for architecture-specific code, since DonkyLib supports both x86_64 and RISC-V. The Donky API functions can be found in pk/pk.h. Its internal functions and metadata structures are defined in pk/pk_internal.h. user contains all self-tests and the integrated micro-benchmarks. main.c contains the main function, which initializes DonkyLib and starts the integrated test suite.

The Makefile compiles the trusted and untrusted parts into separate archives/sections, so that the library can protect its code and data. It can also be compiled into a shared library, which is used in sample_xml (see below). By default, it compiles both the library and the user-side tests/benchmarks into a single executable: x.elf.

sample_xml

The directory sample_xml contains a sample C++ application, which isolates TinyXML2 using DonkyLib. The test first exercises normal XML parsing functionality while TinyXML2 is isolated using DonkyLib. Then it tests the handling of exceptions within child domains. Finally, it runs an artificial malicious function that tries to access the stack of the parent, which must fail.

It can be run with the following commands:

For Intel CPUs with MPK:

make -C sample_xml clean run

For Intel CPUs without MPK:

make -C sample_xml SIM=pk clean run

Note that access permissions cannot be enforced on CPUs without MPK.
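To see the hardware primitive that the MPK builds above rely on (and the reason the SIM=pk build cannot enforce anything), here is an added diagnostic that is not part of DonkyLib: it allocates a protection key with the Linux pkey_alloc/pkey_mprotect/pkey_set wrappers, revokes access to a tagged page the way a domain switch would, and checks that the read actually faults with SEGV_PKUERR. The names probe_mpk and on_segv are mine; the program needs glibc 2.27 or newer and a kernel with PKU support to report anything other than "unavailable".

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added diagnostic (not DonkyLib code): exercises the x86 MPK primitives
 * pkey_alloc / pkey_mprotect / pkey_set that Donky's x86 port builds on. */
static sigjmp_buf fault_jump;
static volatile sig_atomic_t pkuerr_seen;

static void on_segv(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    pkuerr_seen = (si->si_code == SEGV_PKUERR);  /* fault caused by a pkey? */
    siglongjmp(fault_jump, 1);
}

/* Returns 0 if MPK is unavailable (pkey_alloc refused: no PKU, old kernel,
 * sandbox), 1 if revoking access really faults, -1 if the read went through. */
int probe_mpk(void) {
    int pkey = pkey_alloc(0, 0);
    if (pkey < 0) return 0;
    long pg = sysconf(_SC_PAGESIZE);
    volatile char *buf = mmap(NULL, pg, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) { pkey_free(pkey); return 0; }
    buf[0] = 'd';
    /* Tag the page with the key: from now on its PKRU bits gate every access. */
    if (pkey_mprotect((void *)buf, pg, PROT_READ | PROT_WRITE, pkey) != 0) {
        munmap((void *)buf, pg); pkey_free(pkey); return 0;
    }
    struct sigaction sa = { .sa_sigaction = on_segv, .sa_flags = SA_SIGINFO }, old;
    sigaction(SIGSEGV, &sa, &old);
    volatile int result = -1;
    if (sigsetjmp(fault_jump, 1) == 0) {
        pkey_set(pkey, PKEY_DISABLE_ACCESS);  /* revoke, as on leaving a domain */
        (void)buf[0];                         /* must raise SEGV_PKUERR */
    } else {
        result = pkuerr_seen ? 1 : -1;
    }
    pkey_set(pkey, 0);                        /* restore access before cleanup */
    sigaction(SIGSEGV, &old, NULL);
    munmap((void *)buf, pg);
    pkey_free(pkey);
    return result;
}

int main(void) {                              /* standalone: print the verdict */
    printf("probe_mpk() = %d (1 = enforced, 0 = unavailable)\n", probe_mpk());
    return 0;
}
```

A result of 0 on a machine whose /proc/cpuinfo lists pku usually means the kernel or sandbox refused the pkey syscalls, not that the CPU lacks the feature.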


donky's Issues

Missing "sysfilter.ko" and failing simple API call

Hello, thank you very much for open-sourcing Donky.

I was trying to test out the code on my machine with the following spec (PKU available):

~/related/Donky (master*) » tail /proc/cpuinfo | grep pku
flags		: ... pku ...
~/related/Donky (master*) » lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 11 (bullseye)
Release:	11
Codename:	bullseye

When I run the following code, it seems like I'm missing some kernel module, and simple API calls are not working. I'm not sure what the issue is (my guess is that it's due to the lack of the kernel module).

~/related/Donky (master*) » make -C DonkyLib PLATFORM=x86_64 RELEASE=1 TIMING=1 clean run
make: Entering directory '/home/related/Donky/DonkyLib'
Patching (3/3) arch/x86_64/linker.ld.tmp
clang -o x.elf -static  -Wl,-T arch/x86_64/linker.ld -Wl,--start-group usr.a pk.a pku.a -Wl,--end-group -lpthread -lm
LD_LIBRARY_PATH=/home/related/Donky/DonkyLib setarch x86_64 --addr-no-randomize ./x.elf
bench_preinit()
before test getpid
0x970000 2383285: _pk_load_sysfilter_module: _pk_load_sysfilter_module: Could not open sysfilter device: /dev/sysfilter
0x970000 2383285: _pk_init: Unable to load syscall filter. Did you load sysfilter.ko?
0x970000 2383285: _pk_init: Proceeding without syscall filter
raw = 0xfffffff0, 
pk_init done
===========================================
Testing simple API call
===========================================
START of test1 API
0x970000 2383285: _pk_pkey_alloc_unlocked: _pk_pkey_alloc could not allocate key
0x970000 2383285: _pk_pkey_alloc: _pk_pkey_alloc_pk_domain_assign_pkey could not allocate key
0x970000 2383285: _pk_pkey_alloc_unlocked: _pk_pkey_alloc could not allocate shared key
0x970000 2383285: _pk_pkey_alloc: _pk_pkey_alloc_pk_domain_assign_pkey could not allocate key
0x970000 2383285: _pk_pkey_alloc_unlocked: _pk_pkey_alloc could not allocate key
0x970000 2383285: _pk_pkey_alloc: _pk_pkey_alloc_pk_domain_assign_pkey could not allocate key
0x970000 2383285: _pk_domain_create_unlocked: _pk_domain_create_unlocked: Invalid flags
0x970000 2383285: _pk_domain_create_unlocked: _pk_domain_create_unlocked: PK_KEY_COPY | PK_KEY_OWNER are only allowed in combination with PK_KEY_INHERIT
0x970000 2383285: _pk_domain_create_unlocked: _pk_domain_create_unlocked: PK_KEY_COPY | PK_KEY_OWNER are only allowed in combination with PK_KEY_INHERIT
0x970000 2383285: _pk_pkey_alloc_unlocked: _pk_pkey_alloc invalid flags or access rights
0x970000 2383285: _pk_pkey_alloc: _pk_pkey_alloc_pk_domain_assign_pkey could not allocate key
0x970000 2383285: _pk_pkey_alloc_unlocked: _pk_pkey_alloc invalid flags or access rights
0x970000 2383285: _pk_pkey_alloc: _pk_pkey_alloc_pk_domain_assign_pkey could not allocate key
0x970000 2383285: _pk_domain_load_key_unlocked: _pk_domain_load_key domain does not have pkey
0x970000 2383285: _pk_domain_load_key_unlocked: _pk_domain_load_key invalid flags
0x970000 2383285: _pk_domain_load_key_unlocked: _pk_domain_load_key invalid flags
0x970000 2383285: _pk_domain_assign_pkey_unlocked: _pk_domain_assign_pkey target domain does not exist
0x970000 2383285: _pk_domain_assign_pkey_unlocked: _pk_domain_assign_pkey domain does not have vkey
0x970000 2383285: _pk_domain_assign_pkey_unlocked: _pk_domain_assign_pkey invalid flags
0x970000 2383285: _pk_domain_assign_pkey_unlocked: _pk_domain_assign_pkey invalid access_rights
0x970000 2383285: _pk_domain_assign_pkey_unlocked: _pk_domain_assign_pkey domain does not own vkey
0x970000 2383285: _pk_domain_assign_pkey_unlocked: _pk_domain_assign_pkey domain does not have vkey
0x970000 2383285: _pk_domain_load_key_unlocked: _pk_domain_load_key domain does not have pkey
0x970000 2383285: _pk_pkey_free: _pk_pkey_free domain does not own vkey
0x970000 2383285: _pk_pkey_free: _pk_pkey_free domain does not own vkey
0x970000 2383285: _pk_pkey_free: _pk_pkey_free domain does not own vkey
0x970000 2383285: _pk_domain_load_key_unlocked: _pk_domain_load_key domain does not have pkey
0x970000 2383285: _pk_domain_load_key_unlocked: _pk_domain_load_key domain does not have pkey
0x970000 2383285: _pk_pkey_free: _pk_pkey_free domain does not own vkey
0x970000 2383285: _pk_domain_release_child: _pk_domain_release_child domain is not child
0x970000 2383285: _pk_domain_register_ecall2: _pk_domain_register_ecall2: only allowed on current domain or child
END of test1 API

I also tested the simulation command make -C DonkyLib PLATFORM=x86_64 RELEASE=1 TIMING=1 SIM=pk clean run, and it didn't work with a similar issue as above. Please let me know if you need any additional information.

Thank you in advance.
