Revisiting Challenges for Selective Data Protection of Real Applications
The paper addresses security issues for real-world applications using selective data protection, but it is incremental, as it revisits and solves known challenges.
The paper tackles neglected technical challenges in applying selective data protection to real applications, such as the secure input channel and granularity conflicts, and proposes solutions that resulted in a prototype system with less than 3% runtime overhead and security guarantees.
Selective data protection is a promising technique to defend against data leakage attacks. In this paper, we revisit technical challenges that were neglected when applying this protection to real applications. These challenges include the secure input channel, granularity conflict, and sensitivity conflict. We summarize their causes and propose corresponding solutions. Then we design and implement a prototype system for selective data protection and evaluate the overhead using the RISC-V Spike simulator. The evaluation demonstrates the efficiency (less than 3% runtime overhead with optimizations) and the security guarantees provided by our system.