KEcruiser: A novel control flow protection for kernel extensions

Donghai Tian, Rui Ma*, Xiaoqi Jia, Changzhen Hu

*Corresponding author for this work

Research output: Contribution to journal, Article, peer-reviewed

3 Citations (Scopus)

Abstract

Vulnerable kernel extensions are severe threats to the security of modern operating systems. Because the kernel space lacks protection mechanisms, exploitation of a kernel extension could take over control of the entire operating system. To enhance the security and reliability of kernel extensions, many solutions rely mainly on adding kernel isolation mechanisms to confine the execution behavior of kernel extensions. However, previous methods suffer from limitations in terms of compatibility and performance cost. To address these issues, we present KEcruiser, a novel control flow protection mechanism for kernel extensions. The basic idea of our approach is to monitor the control flow of a kernel extension and then identify abnormal execution behavior at run-time. Based on a recent hardware feature, our system can collect the kernel control flow information efficiently. By leveraging virtualization technology, our security monitor is deployed outside of the target VM so that the kernel control flow can be checked securely. To ensure monitoring correctness and concurrency, we make use of Lamport's ring buffer algorithm. Our system is compatible with existing commodity operating systems, and it can protect running kernel extensions transparently. The experiments show that KEcruiser can effectively identify control flow violations that occur in kernel extensions with a small performance cost.

Original language: English
Pages (from-to): 1-9
Number of pages: 9
Journal: Future Generation Computer Systems
Volume: 100
DOI
Publication status: Published - Nov 2019
