Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization
Cristiano Giuffrida, Anton Kuijsten, Andrew S. Tanenbaum
Usenix Security 2012
Introduction
• Kernel-level exploitation
• Existing countermeasures:
  • Preserving kernel code integrity [SecVisor, NICKLE, hvmHarvard]
  • Kernel hook protection [HookSafe, HookScout, Indexed hooks]
  • Control-flow integrity [SBCFI]
• No comprehensive memory error protection
• Virtualization support required, high overhead
Address Space Randomization
• Well-established defense mechanism against memory error exploits
• Application-level support in all the major operating systems
• The operating system itself is typically not randomized at all
• Only recent Windows releases perform basic text (code) randomization
• Goal: fine-grained ASR for operating systems
Challenges
• Instrumentation: must be lightweight
• Information leakage: countered with fine-grained randomization and rerandomization
• Brute force: a wrong guess crashes the kernel, so repeated guessing is impractical
A Design for OS-level ASR
• Make both the location and the layout of memory objects unpredictable
• LLVM-based link-time transformations for safe and efficient ASR
• Minimal amount of untrusted code exposed to the runtime
• Live rerandomization to maximize unobservability of the system
• No changes to the software distribution model
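To make the two ingredients of the design concrete, here is an added example in C. It is not the paper's code: the paper's LLVM link-time passes and its state-migration runtime are not reproduced. The toy randomizes both the base of a region (location) and the order and spacing of the objects inside it (layout), and then performs one live-rerandomization step that migrates each object's contents into a fresh layout, so any address an attacker learned before the step is stale afterwards. The object names and sizes, the region size, and the seeded xorshift PRNG are assumptions made for the example; a real implementation would draw from the kernel's entropy source.

```c
/* Toy model of fine-grained ASR with live rerandomization (added example;
 * not the paper's code). A fixed object table stands in for the per-object
 * metadata the paper's LLVM passes record, and a seeded xorshift PRNG
 * stands in for a real entropy source, so every run is reproducible. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NOBJ    4
#define REGION  4096   /* bytes in the randomizable region (assumed) */
#define MAX_PAD 64     /* max random padding before each object (assumed) */

typedef struct { uint64_t s; } rng_t;

static uint64_t rng_next(rng_t *r) {
    uint64_t x = r->s;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return r->s = x;
}

/* Hypothetical memory objects standing in for kernel functions and data. */
typedef struct { const char *name; size_t size; } object_t;
static const object_t objects[NOBJ] = {
    {"syscall_table", 256}, {"cred", 64}, {"hook_fn", 128}, {"buf", 512}
};

typedef struct {
    size_t base;          /* randomized start of the region (location) */
    size_t off[NOBJ];     /* object offset from base (layout) */
    int    order[NOBJ];   /* order[k] = index of the object placed k-th */
    size_t extent;        /* bytes used from base, padding included */
} layout_t;

/* Randomize location and layout: Fisher-Yates shuffle of placement order,
 * random padding before each object, random base for the whole region.
 * Returns 0 on success, -1 if the layout does not fit in REGION. */
int randomize_layout(layout_t *L, uint64_t seed) {
    rng_t r = { seed ? seed : 1 };   /* xorshift must not start at 0 */
    size_t cur = 0;
    for (int i = 0; i < NOBJ; i++) L->order[i] = i;
    for (int i = NOBJ - 1; i > 0; i--) {
        int j = (int)(rng_next(&r) % (uint64_t)(i + 1));
        int t = L->order[i]; L->order[i] = L->order[j]; L->order[j] = t;
    }
    for (int k = 0; k < NOBJ; k++) {
        cur += (size_t)(rng_next(&r) % (MAX_PAD + 1));
        L->off[L->order[k]] = cur;
        cur += objects[L->order[k]].size;
    }
    L->extent = cur;
    if (L->extent > REGION) return -1;
    L->base = (size_t)(rng_next(&r) % (uint64_t)(REGION - L->extent + 1));
    return 0;
}

size_t object_addr(const layout_t *L, int i) { return L->base + L->off[i]; }

/* Live rerandomization step: move every object from its slot in the old
 * layout to its slot in the new one. Addresses leaked before this point
 * no longer name the same object. */
void migrate(const uint8_t *old_mem, const layout_t *old_L,
             uint8_t *new_mem, const layout_t *new_L) {
    memset(new_mem, 0, REGION);
    for (int i = 0; i < NOBJ; i++)
        memcpy(new_mem + object_addr(new_L, i),
               old_mem + object_addr(old_L, i), objects[i].size);
}

/* Order must be a permutation, objects must not overlap or leave REGION. */
int layout_valid(const layout_t *L) {
    int seen[NOBJ] = {0};
    size_t prev_end = 0;
    for (int k = 0; k < NOBJ; k++) {
        int i = L->order[k];
        if (i < 0 || i >= NOBJ || seen[i]++ || L->off[i] < prev_end) return 0;
        prev_end = L->off[i] + objects[i].size;
    }
    return L->base + L->extent <= REGION;
}

/* Fill each object with a recognizable byte, randomize with seed_a,
 * rerandomize with seed_b and migrate. Returns how many objects changed
 * address, or -1 if any object's contents were lost in the migration. */
int rerandomize_demo(uint64_t seed_a, uint64_t seed_b) {
    static uint8_t mem_a[REGION], mem_b[REGION];
    layout_t a, b;
    int moved = 0;
    if (randomize_layout(&a, seed_a) || randomize_layout(&b, seed_b)) return -1;
    for (int i = 0; i < NOBJ; i++)
        memset(mem_a + object_addr(&a, i), 0xA0 + i, objects[i].size);
    migrate(mem_a, &a, mem_b, &b);
    for (int i = 0; i < NOBJ; i++) {
        for (size_t k = 0; k < objects[i].size; k++)
            if (mem_b[object_addr(&b, i) + k] != (uint8_t)(0xA0 + i)) return -1;
        if (object_addr(&a, i) != object_addr(&b, i)) moved++;
    }
    return moved;
}

/* Number of distinct region bases produced by seeds 1..n_seeds. */
int distinct_bases(int n_seeds) {
    size_t seen[64]; int n = 0;
    for (int s = 1; s <= n_seeds && n < 64; s++) {
        layout_t L; int dup = 0;
        if (randomize_layout(&L, (uint64_t)s)) continue;
        for (int k = 0; k < n; k++) if (seen[k] == L.base) dup = 1;
        if (!dup) seen[n++] = L.base;
    }
    return n;
}

int main(void) {
    layout_t L;
    randomize_layout(&L, 0x1234);
    for (int i = 0; i < NOBJ; i++)
        printf("%-14s at 0x%04zx\n", objects[i].name, object_addr(&L, i));
    printf("objects moved by rerandomization: %d\n", rerandomize_demo(0x1234, 0x5678));
    return 0;
}
```

The rerandomization step is the part the paper pays for in engineering: the migration only works because something (here the object table, in the paper the metadata emitted by the link-time passes) knows where every object lives in both layouts, and a corrupted object table or a corrupted object is exactly the failure case raised in the discussion slides below.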
Discussion
• Not tested against a real kernel exploit; the evaluation covers performance only
• How to choose the rerandomization interval?
  • Hard to do: needs a threat model and per-component testing
  • A useful knob when running an unpatched kernel
Discussion
• Rerandomization failure
  • Make sure the rerandomization process can start at all
  • Corrupted state can affect the migration
  • Time out and abort
• Multicore
  • Synchronize the state; per-component replicas
  • Future work
Discussion
• Rerandomization can be improved
  • Need to care about the randomization entropy: the randomization pool can be used up
• More questions?
Discussion
• Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization
  • Kevin Z. Snow et al., 2013 IEEE Symposium on Security and Privacy
• Evaluation