ELFbac is a Linux kernel patch that brings access control policy to runtime virtual memory accesses of Linux processes, at the natural granularity of the ELF binary executable format's symbols and metadata. ELFbac policies make process memory sections into principals of an access control policy; no changes to the GNU compiler chain are needed or programming language syntax are needed, as the managed sections are described by existing ELF metadata entries and GNU extensions.
ELFbac policy captures the programmer's intention for code and data sections: for code units not meant to access certain data sections (or pages), access is trapped. Whenever a code section has exclusive relationships with some data sections (such as between a cryptographic library and crypto keys or certificates), or may only access a data section in a particular phase of the process' runtime (such as initialization, authentication or data handling), these relationships are enforced. Standard ELF ABI already provides over 30 semantically and intentionally different kinds of sections for the runtime, and the programmer may create custom sections (e.g., the GCC toolchain creates custom sections with the attribute __section__(name), a GNU extension). The programmer would then specify the section's relationships or let policy tools derive the obvious ones from the code.
Intra-Process Memory Protection for Applications on ARM and x86: Leveraging the ELF ABI
Sergey Bratus, Julian Bangert, Maxwell Koo (see whitepaper for all contributors)
BlackHat USA 2016: [video] [slides] [whitepaper]
ELFbac: Using the Loader Format for Intent-Level Semantics and Fine-Grained Protection
Julian Bangert, Sergey Bratus, Rebecca Shapiro, Michael E. Locasto, Jason Reeves, Sean W. Smith, Anna Shubina
Dartmouth College Computer Science Technical Report: [pdf]
ICS ELFbac-ARM on GitHub, by Maxwell Koo & Narf Industries
ELFbac-ARM patch is compatible with Grsecurity for ICS.
Original ELFbac-x86 prototype, by Julian Bangert
Mithril ELF rewriting tool, by Julian Bangert