This paper proposes a security architecture that protects commodity operating system kernels from vulnerabilities in device drivers. Device drivers run with kernel privilege and have unrestricted access to critical kernel data structures, so a buggy or compromised driver can corrupt kernel state or hijack kernel control flow. The architecture lets most driver code execute in user mode without degrading common-case performance. The design focuses on kernel data structure integrity, compatibility with existing drivers and kernels, and efficient monitoring of the data and control transfers between driver and kernel. The evaluation covers four drivers (two network, one sound, one USB host controller) and measures both the attacks prevented and the performance cost.
Protecting Commodity Operating System Kernels from Vulnerable Device Drivers Shakeel Butt @ Rutgers University Vinod Ganapathy @ Rutgers University Michael M. Swift @ University of Wisconsin-Madison Chih-Cheng Chang @ Rutgers University ACSAC 2009
Outline • Introduction • Background and scope • Design • Implementation • Evaluation • Related Work • Summary
Introduction • Device drivers execute with kernel privilege in most commodity operating systems and have unrestricted access to kernel data structures. • We propose a security architecture that offers commodity operating systems the benefits of executing device drivers in user mode without affecting common-case performance
Background and Scope • Threats at the kernel/driver interface • Kernel data structures are routinely updated by device drivers, and the kernel imposes no restrictions on the memory regions accessible to drivers or devices. • Threats at the driver/device interface • A compromised driver can maliciously modify the state of the device
Design • Goals • Kernel data structure integrity • Good common-case performance • Compatibility
Design • Architecture
Design • Microdriver • Consists of a k-driver (the kernel-mode half) and a u-driver (the user-mode half) • Microdriver runtime • Communication between the two halves • Object tracking • RPC monitor • Monitors data transfers from the u-driver into kernel data structures • Monitors control transfers (upcalls and downcalls) between u-driver and kernel
Implementation • Background on Microdrivers
Implementation • Microdriver split tool - DriverSlicer • Splitter • Code generator • Invariant inference tool – Daikon • Front end • Inference engine
Implementation • Monitoring kernel data structure updates • Training phase • Inferring data structure integrity constraints • Constancy of scalars and pointers • Relationships between variables • Ranges/sets of values • Linked list invariants
Implementation • Enforcement phase • Enforcing data structure integrity constraints • Invariant table • Vault table
Implementation • Monitoring control transfers • Extracting control transfer policies • Static analysis • Enforcing control transfer policies • Upcall • Downcall
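The two monitoring mechanisms on the preceding slides (the training/enforcement phases for data structure invariants, and the control-transfer policy for downcalls) are easier to grasp in code. The following is an added illustration written for this page, not code from the paper or from the Microdrivers project. The `struct dev_state` fields, the training trace, the kernel function identifiers and the `scenario_*` helpers are all constructed assumptions; the real monitor works on Linux driver structures and on policies produced by static analysis of the driver, and the paper also infers relationship, set and linked-list invariants that this example omits (it learns only constancy and ranges).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified kernel object that the u-driver marshals back
 * to the kernel. Field names are assumptions for this example only. */
struct dev_state {
    int mtu;
    unsigned int flags;
    int irq;
    void (*xmit)(void);      /* function pointer the kernel later calls */
};

#define NFIELDS 4
static const char *field_names[NFIELDS] = { "mtu", "flags", "irq", "xmit" };

/* One row of the invariant table: a field is either constant (lo == hi)
 * or confined to the range [lo, hi] observed during training. */
struct invariant { bool is_const; intptr_t lo, hi; };
static struct invariant inv_table[NFIELDS];
static bool trained = false;

static intptr_t field_value(const struct dev_state *s, int i)
{
    switch (i) {
    case 0:  return s->mtu;
    case 1:  return (intptr_t)s->flags;
    case 2:  return s->irq;
    default: return (intptr_t)s->xmit;   /* pointers are compared by address */
    }
}

/* Training phase: observe snapshots of the object at driver/kernel crossings
 * and infer, per field, whether it is constant and what range it spans. */
void train(const struct dev_state *snaps, int n)
{
    for (int i = 0; i < NFIELDS; i++) {
        intptr_t lo = field_value(&snaps[0], i), hi = lo;
        for (int j = 1; j < n; j++) {
            intptr_t v = field_value(&snaps[j], i);
            if (v < lo) lo = v;
            if (v > hi) hi = v;
        }
        inv_table[i] = (struct invariant){ .is_const = (lo == hi), .lo = lo, .hi = hi };
    }
    trained = true;
}

/* Enforcement phase: before a u-driver update is copied into the kernel
 * object, reject it if any field violates its inferred invariant.
 * Returns the index of the first violated field, or -1 if all hold. */
int check_update(const struct dev_state *proposed)
{
    for (int i = 0; i < NFIELDS; i++) {
        intptr_t v = field_value(proposed, i);
        if (v < inv_table[i].lo || v > inv_table[i].hi)
            return i;
    }
    return -1;
}

/* Control-transfer policy for downcalls: the kernel entry points this
 * driver's code can reach. The paper derives this set by static analysis;
 * here it is a constructed list. commit_creds is never called by a driver,
 * so an injected downcall to it must be refused. */
enum kfn { KFN_ALLOC_SKB = 1, KFN_NETIF_RX, KFN_REQUEST_IRQ, KFN_COMMIT_CREDS };
static const enum kfn downcall_policy[] = { KFN_ALLOC_SKB, KFN_NETIF_RX, KFN_REQUEST_IRQ };

bool downcall_allowed(enum kfn fn)
{
    for (size_t i = 0; i < sizeof downcall_policy / sizeof downcall_policy[0]; i++)
        if (downcall_policy[i] == fn) return true;
    return false;
}

/* Two distinct functions so the compiler cannot fold them to one address. */
static int xmits;
static void xmit_real(void) { xmits++; }
static void xmit_evil(void) { xmits = -1000; }

/* Constructed training trace: mtu and irq never change, flags alternates
 * between two observed values, xmit always points at xmit_real. */
static const struct dev_state training_trace[] = {
    { 1500, 0x1002, 11, xmit_real }, { 1500, 0x1003, 11, xmit_real },
    { 1500, 0x1002, 11, xmit_real }, { 1500, 0x1003, 11, xmit_real },
};
static void ensure_trained(void)
{
    if (!trained) train(training_trace, sizeof training_trace / sizeof training_trace[0]);
}

/* Benign update: every field stays inside its learned invariant. */
int scenario_benign(void)         { ensure_trained(); struct dev_state u = { 1500, 0x1003, 11, xmit_real }; return check_update(&u); }
/* Non-control data attack: irq was constant in training, now changed. */
int scenario_irq_tamper(void)     { ensure_trained(); struct dev_state u = { 1500, 0x1002, 5, xmit_real };  return check_update(&u); }
/* Control hijack via a modified function pointer in the kernel object. */
int scenario_pointer_hijack(void) { ensure_trained(); struct dev_state u = { 1500, 0x1002, 11, xmit_evil }; return check_update(&u); }

int main(void)
{
    int r[] = { scenario_benign(), scenario_irq_tamper(), scenario_pointer_hijack() };
    for (int i = 0; i < 3; i++)
        printf("scenario %d: %s\n", i, r[i] < 0 ? "accepted" : field_names[r[i]]);
    printf("downcall commit_creds: %s\n", downcall_allowed(KFN_COMMIT_CREDS) ? "allowed" : "blocked");
    return 0;
}
```

Range and constancy invariants are only as good as the training trace: a legitimate value never seen during training is rejected at enforcement time, which is the false-positive case the evaluation slides discuss, and an attacker who keeps every field inside the learned range is not caught, which is the false-negative case.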
Evaluation • Conduct on four drivers • RealTek RTL-8139 (8139too) • RealTek RTL-8139C+ (8139cp) • Ensoniq sound card (ens1371) • USB interface (uhci-hcd)
Evaluation • Privilege separation
Evaluation • Ability to prevent attacks • Control hijacking via injected downcalls • Control hijacking via modified function pointers • Non-control data attacks
Evaluation • False positives and negatives
Evaluation • Performance • TCP receive and send buffer sizes of 87KB and 16KB, respectively. • Copy a 140MB file into a USB disk • Play a 256-Kbps MP3
Related Work • Hardware-based isolation techniques • Virtual machine-based techniques • Language-based mechanisms • Microkernels • User-mode driver frameworks
Summary • Better isolates kernel data and control flow from device drivers without sacrificing common-case performance. • Compatible with commodity operating systems and existing drivers.