TY - GEN
T1 - Policy-centric protection of OS kernel from vulnerable loadable kernel modules
AU - Tian, Donghai
AU - Xiong, Xi
AU - Hu, Changzhen
AU - Liu, Peng
PY - 2011
Y1 - 2011
N2 - Due to the lack of a protection mechanism in the kernel space, loadable kernel modules (LKMs) may be exploited through their implicit or explicit vulnerabilities, seriously compromising the security of the OS kernel. Although many systems have been developed to address this problem, some challenges remain: a) How can a security policy be generated automatically before it is enforced on the kernel module? b) How can the interactions between the kernel module and the OS kernel be properly mediated to ensure policy consistency without modifications (or with minimal changes) to the existing OS, hardware, and kernel module structure? In this paper, we present LKMG, a policy-centric system that can protect a commodity OS kernel from vulnerable loadable kernel modules. More powerful than previous systems, LKMG is able to generate a security policy from the kernel module and then enforce that policy during the kernel module's execution. In general, the working process of LKMG can be divided into two stages. First, we use static analysis to extract the kernel code and data access patterns from a kernel module's source code, and then combine these patterns with the related memory address information to generate a security policy. Second, by leveraging hardware-based virtualization technology, LKMG isolates the kernel module from the rest of the kernel and then forces the kernel module's execution to obey the derived policy. The experiments show that our system can defend against various loadable kernel module exploitations effectively with moderate performance overhead.
UR - http://www.scopus.com/inward/record.url?scp=79956296365&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-21031-0_24
DO - 10.1007/978-3-642-21031-0_24
M3 - Conference contribution
AN - SCOPUS:79956296365
SN - 9783642210303
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 317
EP - 332
BT - Information Security Practice and Experience - 7th International Conference, ISPEC 2011, Proceedings
T2 - 7th International Conference on Information Security Practice and Experience, ISPEC 2011
Y2 - 30 May 2011 through 1 June 2011
ER -