SCALPEL (Secure Compartments Automatically Learned and Protected by Execution using Lightweight Metadata)

SCALPEL is a lightweight optimization tool that automatically generates compartmentalization policies for hardware-accelerated enforcement on a tagged architecture. The tool also adds a layer of protection (or hardening) by learning the privileges a system actually exercises and allowing only those learned privileges.

Problem:

Operating systems, device drivers and embedded applications are large and unwieldy, which at times results in unsafe and exploitable systems. Privilege separation divides a system into components, each limited to the privileges it requires to operate. In practice, privilege separation relies on coarse-grained, process-level separation, where the virtual memory system provides the isolation. Although isolating a vulnerability in one component from the rest of the system makes the system more robust against attackers, this approach often degrades system performance.

Solution:

Researchers from Andre DeHon’s lab at the University of Pennsylvania have developed a flexible, tag-based hardware security monitor that provides an opportunity to enforce fine-grained, hardware-accelerated privilege separation, improving system performance while decreasing opportunities for system exploitation.

Technology:

SCALPEL enables rapid self-learning of low-level privileges and the automatic creation and implementation of compartmentalization security policies for a tagged architecture. Researchers from the DeHon Lab used this tool with a hardware-accelerated security monitoring design called the PIPE (Processor Interlocks for Policy Enforcement) architecture. On the back end, SCALPEL automatically lowers compartmentalization policies to the PIPE for hardware-accelerated enforcement. On the front end, SCALPEL provides an optimization opportunity through a set of compartment generation algorithms that help security engineers explore the privilege-performance tradeoff space a runtime environment can achieve.

SCALPEL enables fine-grained privilege separation with hundreds of compartments to achieve a low over-privilege ratio with low overheads.
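The privilege-performance tradeoff described above can be made concrete with a small model. The Python below is an added illustration written for this page; it is not SCALPEL's code and not the DeHon Lab's actual compartment generation algorithm. It assumes a simplified model: each function needs a set of privileges (objects it touches or functions it calls), a compartment is granted the union of its members' privileges, over-privilege is measured as granted divided by needed privileges, and runtime cost is approximated by the number of calls in a trace that cross a compartment boundary. The function names, object names and call counts are constructed sample data, and the greedy merge is one simple strategy for walking the tradeoff space (many compartments and low over-privilege at one end, one compartment and no crossings at the other).

```python
"""Simplified model of the privilege/performance tradeoff in compartmentalization.

Added example for this page; NOT SCALPEL's code or its real algorithm.
Model assumptions: a compartment is granted the union of what its member
functions need, and each call that crosses a compartment boundary is taken
as a unit of runtime cost.
"""
from collections import Counter

# Constructed sample program: function -> set of objects/functions it needs access to.
NEEDED = {
    "parse_packet": {"rx_buf", "pkt_meta", "validate_hdr"},
    "validate_hdr": {"pkt_meta"},
    "handle_cmd":   {"pkt_meta", "cmd_table", "write_flash"},
    "write_flash":  {"flash_ctrl", "flash_log"},
    "log_event":    {"flash_log", "uart"},
    "uart_tx":      {"uart"},
}

# Constructed dynamic call trace: (caller, callee) -> number of calls observed.
CALL_TRACE = Counter({
    ("parse_packet", "validate_hdr"): 1000,
    ("parse_packet", "handle_cmd"): 900,
    ("handle_cmd", "write_flash"): 50,
    ("write_flash", "log_event"): 50,
    ("log_event", "uart_tx"): 60,
})


def privilege_set_ratio(assignment):
    """Granted privileges / needed privileges, summed over all functions.

    assignment maps function -> compartment id. A ratio of 1.0 means every
    function holds exactly the privileges it needs (no over-privilege).
    """
    granted = {}
    for fn, comp in assignment.items():
        granted.setdefault(comp, set()).update(NEEDED[fn])
    total_granted = sum(len(granted[assignment[fn]]) for fn in NEEDED)
    total_needed = sum(len(p) for p in NEEDED.values())
    return total_granted / total_needed


def boundary_crossings(assignment):
    """Calls whose caller and callee sit in different compartments (cost proxy)."""
    return sum(n for (a, b), n in CALL_TRACE.items() if assignment[a] != assignment[b])


def greedy_merge(max_crossings):
    """Start fully separated (one function per compartment) and repeatedly merge
    the two compartments joined by the hottest cross-boundary traffic until the
    crossing count fits the budget. Returns (assignment, ratio, crossings)."""
    assignment = {fn: i for i, fn in enumerate(NEEDED)}
    while boundary_crossings(assignment) > max_crossings:
        pair_weight = Counter()
        for (a, b), n in CALL_TRACE.items():
            ca, cb = assignment[a], assignment[b]
            if ca != cb:
                pair_weight[frozenset((ca, cb))] += n
        if not pair_weight:
            break  # everything is already in one compartment
        hot = pair_weight.most_common(1)[0][0]
        keep, drop = sorted(hot)
        for fn in assignment:
            if assignment[fn] == drop:
                assignment[fn] = keep
    return assignment, privilege_set_ratio(assignment), boundary_crossings(assignment)


def tradeoff_curve(budgets):
    """One row per crossing budget: (budget, compartments, ratio, crossings)."""
    rows = []
    for budget in budgets:
        assignment, ratio, crossings = greedy_merge(budget)
        rows.append((budget, len(set(assignment.values())), round(ratio, 3), crossings))
    return rows


if __name__ == "__main__":
    for row in tradeoff_curve([3000, 1500, 200, 100, 0]):
        print("budget=%5d compartments=%d ratio=%.3f crossings=%d" % row)
```

With the constructed trace, full separation gives a ratio of 1.0 at 2060 crossings, a single compartment gives a ratio of 4.0 at zero crossings, and a budget of 100 crossings yields three compartments at a ratio of 1.75. The point of the model is the shape of the curve, which is what a compartment generation algorithm lets an engineer choose a position on; the real system measures cost against hardware enforcement rather than a call count.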

Advantages:

  • SCALPEL-created policies can reduce over-privilege by orders of magnitude with hundreds of logical compartments while imposing low overheads (<5%).
  • In cases where human expertise is available for additional fine-tuning, SCALPEL easily integrates human-supplied knowledge in its policy exploration.
  • SCALPEL automatically implements compartmentalization strategies across the privilege-performance tradeoff space, all without manual tagging or code restructuring.

Stage of Development:

  • Proof of Concept

Desired Partnerships:

  • License
  • Co-development

Contact

Joshua Jeanson

Senior Associate Director, SEAS/SAS Licensing Group
University of Pennsylvania

Docket # 21-9625