kGuard: Lightweight Kernel Protection
"... interests are mainly in software and systems security, with a focus on automated software hardening. ..."
Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution
We consider the problem of how to provide an execution environment where the application's secrets are safe even in the presence of malicious system software layers. We propose Iso-X, a flexible, fine-grained hardware-supported framework that provides isolation for security-critical pieces of an application such that they can execute securely even in the presence of untrusted system software. Isolation in Iso-X is achieved by creating and dynamically managing compartments to host critical fragments of code and associated data. Iso-X provides fine-grained isolation at the memory-page level, flexible allocation of memory, and a low-complexity, hardware-only trusted computing base. Iso-X requires minimal additional hardware, a small number of new ISA instructions to manage compartments, and minimal changes to the operating system, which need not be in the trusted computing base. The run-time performance overhead of Iso-X is negligible, and even the overhead of creating and destroying compartments is modest. Iso-X offers higher memory flexibility than the recently proposed SGX design from Intel, allowing both fluid partitioning of the available memory space and dynamic growth of compartments. An FPGA implementation of Iso-X runtime mechanisms shows a negligible impact on the processor cycle time.
Keywords: hardware security; isolated execution.
Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution
We consider the problem of how to provide an execution environment where the application's secrets are safe even in the presence of malicious system software layers. We propose Iso-X: a flexible, fine-grained hardware-supported framework that provides isolation for security-critical pieces of an application such that they can execute securely even in the presence of untrusted system software. Isolation is achieved by creating and dynamically managing execution compartments to host critical fragments of code and associated data. Iso-X provides fine-grained isolation at the memory-page level, flexible allocation of memory, and a low-complexity, hardware-only trusted computing base. Iso-X requires minimal additional hardware, a small number of new ISA instructions to manage compartments, and minimal changes to the operating system, which need not be in the trusted computing base. The run-time performance overhead of Iso-X is negligible, and even the overhead of creating and destroying compartments is modest. Iso-X offers significantly higher memory flexibility than the recently proposed SGX design from Intel, allowing both fluid partitioning of the available memory space and dynamic growth of compartments. An FPGA implementation of Iso-X runtime mechanisms shows a negligible impact on the processor cycle time.
Keywords: security; isolated execution.
Rethinking Memory Permissions for Protection Against Cross-Layer Attacks
The inclusive permissions structure (e.g., the Intel ring model) of modern commodity CPUs provides privileged system software layers with arbitrary permissions to access and modify client processes, allowing them to manage these clients and the system resources efficiently. Unfortunately, these inclusive permissions allow a compromised high-privileged software layer to perform arbitrary malicious activities. In this paper, our goal is to prevent attacks that cross system layers while maintaining the ability of system software to manage the system and allocate resources. In particular, we present a hardware-supported page permission framework for physical pages that is based on the concept of non-inclusive sets of memory permissions for different layers of system software (such as hypervisors, operating systems, and user-level applications). Instead of viewing privilege levels as an ordered hierarchy with each successive level being more privileged, we view them as distinct levels, each with its own set of permissions. In order to enable system software to manage client processes, we define a set of legal permission transitions that support resource allocation but preserve security. We show that the model prevents a range of recent attacks. We also show that it can be implemented with negligible performance overhead (both at load time and at run time), low hardware complexity, and minimal changes to the commodity OS and hypervisor code.
Quantifiable Run-time Kernel Attack Surface Reduction
The sheer size of commodity operating system kernels makes them a prime target for local attackers aiming to escalate privileges. At the same time, as much as 90% of kernel functions are not required for processing system calls originating from a typical network daemon. This results in an unnecessarily high exposure. In this paper, we introduce kRazor, an approach to reduce the kernel's attack surface by limiting the amount of kernel code accessible to an application. kRazor first traces the individual kernel functions used by an application. kRazor can then detect and prevent uses of unnecessary kernel functions by a process. This step is implemented as a kernel module that instruments select kernel functions. A heuristic on the kernel function selection allows kRazor to have negligible performance overhead. We evaluate results under real-world workloads for four typical server applications. Results show that the performance overhead and false positives remain low, while the attack surface reduction can be as high as 80%.