Skip to content

jinyue110/Donky

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
DonkyLib
DonkyLib
 
 
ariane-sdk @ 76cac3a
ariane-sdk @ 76cac3a
 
 
cva6 @ fa39821
cva6 @ fa39821
 
 
sample_xml
sample_xml
 
 
syscall_hook
syscall_hook
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Donky: Domain Keys – Efficient In-Process Isolation for RISC-V and x86

This repository contains the source code for the paper Donky: Domain Keys – Efficient In-Process Isolation for RISC-V and x86.

Donky is an efficient hardware-software co-design for strong in-process isolation based on dynamic memory protection domains. The two main components are a secure software framework and a non-intrusive hardware extension.

Disclaimer: The provided code is only a proof-of-concept. Use at your own risk. Note that the license only applies to DonkyLib, since the included submodules have separate licenses.

Directory structure:

  • DonkyLib: Contains the entire userspace library (Donky Monitor, API, self-tests).
  • syscall_hook: Contains the Linux module required for x86 syscall filtering.
  • sample_xml: Sample application using Donky to isolate xml parsing library TinyXML2.
  • cva6: Hardware code for the modified Ariane/CVA6 RISC-V processor.
  • ariane-sdk: Contains the tools for cross-compiling to RISC-V and running our library within the ISA simulator.

Getting Started

This repository can be cloned using the following commands:

git clone [email protected]:IAIK/Donky.git
cd Donky
git submodule update --init --recursive

Requirements

We have tested DonkyLib on Ubuntu 20.04 using the following packages:

sudo apt install build-essential clang autoconf automake autotools-dev curl libmpc-dev libmpfr-dev libgmp-dev libusb-1.0-0-dev gawk build-essential bison flex texinfo gperf libtool patchutils bc zlib1g-dev device-tree-compiler pkg-config libexpat-dev python unzip

Furthermore, the following commands need be be executed in order to compile Donky for RISC-V.

mkdir toolchain
export RISCV=$(realpath toolchain)
export PATH=$PATH:$RISCV/bin
export SDKBASE=$(realpath ariane-sdk)/

Building and running DonkyLib

Compile and run DonkyLib on x86 CPUs without MPK: (Simulates memory protection keys. No security guarantees and isolation tests disabled.)

make -C DonkyLib PLATFORM=x86_64 RELEASE=1 TIMING=1 SIM=pk clean run

Compile and run DonkyLib on x86 CPUs with MPK:

make -C DonkyLib PLATFORM=x86_64 RELEASE=1 TIMING=1 clean run

The make flag TIMING=1 also runs the integrated microbenchmarks, which can be omitted to only run self tests. While omitting the RELEASE=1 flag is also possible, it is not recommended since it's printing a lot of debug output. TIMING=1 should only be used in conjunction with RELEASE=1.

RISC-V

DonkyLib can also be compiled for RISC-V (by setting PLATFORM=riscv), but it requires the RISC-V compiler toolchain (in ariane-sdk), which takes a very long time to compile. This includes compiling RISC-V compilers, simulators, libc, Linux, and other dependencies. Building this will take several hours.

To build the RISC-V toolchain, run:

make -C ${SDKBASE} all

To run DonkyLib with the Proxykernel (not Linux) in the RISC-V ISA simulator, run:

make -C DonkyLib PLATFORM=riscv RELEASE=1 TIMING=1 SIM=pk clean run

The same can also be done using the real Linux kernel, but this will take a very long time to compile since it needs to download and build the Linux kernel:

make -C DonkyLib PLATFORM=riscv RELEASE=1 TIMING=1 clean run

Once Linux is booted in in the simulator, you can use ./x.elf to run the binary.

DonkyLib source code

Donky's source code can be found in the directory DonkyLib. It is split into two parts: The trusted library resides in pk, while the untrusted code lies in user. Each of these also have arch subdirectories for architecture-specific code, since DonkyLib supports both x86_64 and RISC-V. Donky API functions can be found in pk/pk.h. Its internal functions and metadata structures are defined in pk/pk_internal.h. user contains all self-tests and the integrated micro-benchmarks. main.c contains the main function, which initializes DonkyLib and starts the integrated testsuite.

The Makefile compiles the trusted and untrusted part into seperate archives/sections, so that the library can protect its code and data. It can also be compiled into a shared library, which is used in sample_xml (see below). By default, it compiles both the library and the user-side tests/benchmarks into a single executable: x.elf.

sample_xml

The directory sample_xml contains a sample C++ application, which isolates TinyXML2 using DonkyLib. This test first tests noraml xml parsing functionality when isolated usind DonkyLib. Then it tests handling of exceptions within child-domains. And finally it tests an artificial malicious function, which tries to access the stack of the parent, which should fail.

It can be run with the following commands:

For Intel CPUs with MPK:

make -C sample_xml clean run

For Intel CPUs without MPK:

make -C sample_xml SIM=pk clean run

Note, that access permissions cannot be enforced for CPUs without MPK.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 61.7%
  • C++ 31.2%
  • Assembly 5.0%
  • Makefile 1.7%
  • Other 0.4%