Isolation is a long-standing challenge of software security. Traditional privilege rings and virtual memory are more and more augmented with concepts such as capabilities, protection keys, and powerful enclaves. At the same time, we are evidencing an increased need for physical protection, shifting towards full memory encryption schemes. This results in a complex interplay of various security mechanisms, increasing the burden for system architects and security analysts. In this work, we tackle the isolation challenge with a new isolation primitive called authenticryption shield that unifies both traditional and advanced isolation policies while offering the potential for future extensibility. At the core, we build upon an authenticated memory encryption scheme that gives cryptographic isolation guarantees and, thus, streamlines the security reasoning. We showcase the versatility of our approach by designing and prototyping SERVAS -- an innovative enclave architecture for RISC-V. Unlike current enclave systems, SERVAS facilitates efficient and secure enclave memory sharing. While the memory encryption constitutes the main overhead, entering or exiting a SERVAS enclave requires only 3.5x of a simple syscall, instead of 71x for Intel SGX.

中文翻译：

---

SERVAS！通过RISC-V Authenticryption Shield保护飞地

隔离是软件安全的一项长期挑战。传统特权环和虚拟内存越来越多地带有功能，保护密钥和功能强大的安全区等概念。同时，我们证明对物理保护的需求在增加，向全内存加密方案转变。这导致各种安全机制之间复杂的相互作用，从而增加了系统架构师和安全分析人员的负担。在这项工作中，我们通过一个称为authenticryption shield的新隔离原语解决了隔离挑战，该原语将传统和高级隔离策略结合在一起，同时提供了将来可扩展性的潜力。从根本上讲，我们基于经过身份验证的内存加密方案，该方案可提供加密隔离保证，因此，简化安全推理。我们通过设计和原型化SERVAS（一种RISC-V的创新型飞地架构）展示了我们方法的多功能性。与当前的安全区系统不同，SERVAS可以促进安全高效的安全区内存共享。虽然内存加密是主要的开销，但进入或退出SERVAS安全区仅需要简单系统调用的3.5倍，而不是Intel SGX的71倍。