With the alarming rate of security advisories and privacy concerns on connected devices, there is an urgent need for strong isolation guarantees in resource-constrained devices that demand very lightweight solutions. However, the status quo is that Unix-like operating systems do not offer privilege separation inside a process. Lack of practical fine-grained compartmentalization inside a shared address space leads to private data leakage through applications' untrusted dependencies and compromised threads. To this end, we propose $\mu$Tiles, a lightweight kernel abstraction and set of security primitives based on mutual distrust for intra-process privilege separation, memory protection, and secure multithreading. $\mu$Tiles takes advantage of hardware support for virtual memory tagging (e.g., ARM memory domains) to achieve significant performance gain while eliminating various hardware limitations. Our results (based on OpenSSL, the Apache HTTP server, and LevelDB) show that $\mu$Tiles is extremely lightweight (adds $\approx 10KB$ to kernel image) for IoT use cases. It adds negligible runtime overhead ($\approx 0.5\%-3.5\%$) and is easy to integrate with existing applications for providing strong privilege separation.

中文翻译：

---

$\mu$Tiles：内存区域的高效进程内特权执行

随着对连接设备的安全建议和隐私问题的惊人速度，迫切需要在需要非常轻量级解决方案的资源受限设备中提供强大的隔离保证。然而，现状是类 Unix 操作系统不提供进程内部的权限分离。共享地址空间内缺乏实用的细粒度划分会导致私有数据通过应用程序的不可信依赖项和受损线程泄漏。为此，我们提出了 $\mu$Tiles，这是一种轻量级内核抽象和一组基于互不信任的安全原语，用于进程内特权分离、内存保护和安全多线程。$\mu$Tiles 利用了对虚拟内存标记的硬件支持（例如，ARM 内存域）以实现显着的性能提升，同时消除各种硬件限制。我们的结果（基于 OpenSSL、Apache HTTP 服务器和 LevelDB）表明，对于物联网用例，$\mu$Tiles 非常轻量级（向内核映像添加 $\approx 10KB$）。它增加了可以忽略不计的运行时开销（$\approx 0.5\%-3.5\%$），并且易于与现有应用程序集成以提供强大的权限分离。