
BGAS-Zeno: An Open Capability-Based Secure Compartmentalization Architecture Design

Sun Apr 21, 2024 9:00 AM – 1:00 PM

Location

Building 45 (MIT Stephen A. Schwarzman College of Computing), 102

Description

Memory vulnerabilities remain a top issue for modern computing systems. Capability-based solutions aim to solve memory vulnerabilities at the hardware level by encoding access permissions with each memory reference, but so far little work has been done to apply a capability model to datacenter-scale systems. Shared memory across nodes presents a challenge for existing capability models, as capabilities must be valid and enforceable on multiple systems. To address these challenges, we introduce BGAS-Zeno, a new capability-based architecture with a Namespace-based capability model to support globally shareable capabilities in a multi-node system. A key advantage of the capability model is compatibility with existing codebases. Capabilities can be implemented transparently to the programmer, i.e., without source-code changes. Capabilities leverage semantics in source code to describe access permissions but require customized compilers to translate the semantics to their binary equivalent. In this workshop, we will introduce the micro-architecture, the physical board design, compilation techniques, supporting operating system, and a suite of high-performance and memory safety benchmark applications for the testing and validation of the system.

Presented by Secure Micro Technologies, Arizona State University, Texas Tech University, and MIT.