Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

Hardware-assisted Data-flow Isolation

Hardware-assisted data-flow isolation (HDFI) is a new fine-grained data isolation mechanism that is broadly applicable and very efficient. HDFI enforces isolation at the machine word granularity by virtually extending each memory unit with an additional tag that is defined by data-flow. This capability allows HDFI to enforce a variety of security models such as the Biba Integrity Model and the Bell–LaPadula Model. The current HDFI prototype is based the RISC-V instruction set architecture (ISA).

This repo contains five parts of the projects:

  • chip: the modified rocket-chip
  • emulator: the modified emulator (based on spike)
  • toolchain: modified GCC, glibc, and llvm
  • linux: the modified kernel
  • tests: various tests, mostly for security tests

More details

Getting started

A test drive with c++ simulator generated from the implementaion in Chisel.

$ make gcc-build-elf
$ make fesvr-build
$ export RISCV=`pwd`/install/
$ export PATH=$PATH:`pwd`/install/bin/
$ cd chip/riscv-tools
$ ./build-tests.sh
$ cd ../emulator
$ make all
$ make run-bmark-tests

Building Linux kernel

$ make gcc-build-linux
$ make linux-build

For further detail, please follow the RISC-V tutorials:

Contributors

Reference

@inproceedings{song:hdfi,
  title        = {{HDFI: Hardware-Assisted Data-Fow Isolation}},
  author       = {Chengyu Song and Hyungon Moon and Monjur Alam and Insu Yun and Byoungyoung Lee and Taesoo Kim and Wenke Lee and Yunheung Paek},
  booktitle    = {Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland)},
  month        = may,
  year         = 2016,
  address      = {San Jose, CA},
}

About

Hardware-assisted Data-flow Isolation

Resources

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.