1 / 9

Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization

Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization. Cristiano Giuffrida Anton Kuijsten Andrew S. Tanenbaum. Usenix Security 2012. Introduction. Kernel-level Exploitation Existing Countermeasures

yamin
Télécharger la présentation

Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Enhanced Operating System SecurityThrough Efficient and Fine-grainedAddress Space Randomization Cristiano Giuffrida Anton Kuijsten Andrew S. Tanenbaum Usenix Security 2012

  2. Introduction • Kernel-level Exploitation • Existing Countermeasures • Preserving kernel code integrity [SecVisor, NICKLE, hvmHarvard]. • Kernel hook protection [HookSafe, HookScout, Indexed hooks]. • Control-owintegrity [SBCFI]. • No comprehensive memory error protection. • Virtualization support required, high overhead.

  3. Address Space Randomization • Well-established defense mechanism against memory error exploits. • Application-level support in all the major operating systems. • The operating system itself typically not randomized at all. • Only recent Windows releases perform basic text randomization. • Goal: Fine-grained ASR for operating systems

  4. Challenges • Instrumentation • Lightweight • Information leakage • Fine-grain and rerandomization • Brute force • Crash kernel

  5. A Design for OS-level ASR • Make both location and layout of memory objects unpredictable. • LLVM-based link-time transformations for safe and effcientASR. • Minimal amount of untrusted code exposed to the runtime. • Live rerandomization to maximize unobservability of the system. • No changes in the software distribution model.

  6. Discussion • Not tested on real kernel exploit, to provide evaluation on the performance • How to check the interval of rerandomization • Hard to do, need threat model and per-component based testing • Good for tuning for unpatched kernel

  7. Discussion • Rerandomization failure • Make sure this rerandomization process can start • Corrupt state can affect the migration • Time out and abort • Multicore • Synchronize the states, per-components replica • Future work

  8. Discussion • Rerandomization can be improved • Need to care about the randomization, as the entropy. Randomization pool can be used up. • More questions?

  9. Discussion • Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization • Kevin Z. Snow et al. • 2013 IEEE Symposium on Security and Privacy • Evaluation

More Related