Facebook has announced the 2019 winners of the Internet Defense Prize, an award offered in partnership with USENIX.
Created in 2014, the award is meant to recognize and reward research that meaningfully makes the Internet more secure. The goal is to reward ideas that go beyond theory and can be adopted to protect people in practice.
The 2019 grand prize of $100,000, Facebook has announced, was awarded to Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O. Duarte, Michael Sammler, Peter Druschel, and Deepak Garg at the Max Planck Institute for Software Systems, Saarland Informatics Campus.
The researchers received the award for work titled “ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK).”
The paper presents a new technique to provide hardware-enforced isolation with low overhead on x86 CPUs. The idea combines protection keys, a feature that allows protection domain switches in userspace, with binary inspection, thus preventing circumvention.
The researchers demonstrate how ERIM can be applied to new and existing applications and say that it doesn’t require compiler changes. ERIM can run on a stock Linux kernel and, even at high domain switching rates, has low runtime overhead.
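The binary-inspection half of this idea can be illustrated with a small byte scanner. This is an added example, not code from the ERIM paper or project: it reports every offset in a code buffer where the encoding of WRPKRU (0F 01 EF), the x86 instruction that rewrites protection-key permissions from userspace, appears. The function name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* WRPKRU encodes as 0F 01 EF; it loads the PKRU register from EAX. */
static const uint8_t WRPKRU[3] = {0x0F, 0x01, 0xEF};

/* Hypothetical helper: scan code[0..len) at EVERY byte offset, not only at
 * instruction starts. A control-flow transfer into the middle of another
 * instruction would execute an unaligned occurrence, so an inspector has to
 * treat those as real. Only WRPKRU is covered in this sketch.
 * Stores up to `max` offsets in `out`; returns the total number found. */
size_t find_wrpkru(const uint8_t *code, size_t len, size_t *out, size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i + sizeof WRPKRU <= len; i++) {
        if (code[i] == WRPKRU[0] && code[i + 1] == WRPKRU[1] &&
            code[i + 2] == WRPKRU[2]) {
            if (found < max)
                out[found] = i;
            found++;
        }
    }
    return found;
}

/* Constructed sample, not taken from any real binary. */
static const uint8_t SAMPLE[] = {
    0x31, 0xC9,                   /* xor ecx, ecx                         */
    0x31, 0xD2,                   /* xor edx, edx                         */
    0x0F, 0x01, 0xEF,             /* wrpkru: explicit, at offset 4        */
    0xB8, 0x0F, 0x01, 0xEF, 0x00, /* mov eax, 0x00EF010F: the immediate   */
                                  /* contains the same bytes at offset 8  */
    0x0F, 0x01,                   /* truncated tail: must not match       */
};

int main(void)
{
    size_t offs[8];
    size_t n = find_wrpkru(SAMPLE, sizeof SAMPLE, offs, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("WRPKRU byte sequence at offset %zu\n", offs[i]);
    return n > 0; /* non-zero exit: occurrences need review */
}
```

The second hit sits inside a `mov` immediate, which is why scanning only at disassembled instruction boundaries would not be enough.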
“Traditionally, software isolation has come with significant performance costs. The authors’ approach stands out because it achieves much better runtime efficiency due to lower overhead, which makes it practical for real-world use in production environments. If this type of defense finds widespread use, it will help eliminate an entire class of security exploits,” Facebook noted.