FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2279059888> ?p ?o ?g. }

• W2279059888 abstract "Protecting Commodity Operating Systems through Strong Kernel Isolation Vasileios P. Kemerlis Today’s operating systems are large, complex, and plagued with vulnerabilities that allow perpetrators to exploit them for profit. The constant rise in the number of software weaknesses, coupled with the sophistication of modern adversaries, make the need for effective and adaptive defenses more critical than ever. In this dissertation, we develop a set of novel protection mechanisms, and introduce new concepts and techniques to secure commodity operating systems against attacks that exploit vulnerabilities in kernel code. Modern OSes opt for a shared process/kernel model to minimize the overhead of operations that cross protection domains. However, this design choice provides a unique vantage point to local attackers, as it allows them to control—both in terms of permissions and contents—part of the memory that is accessible by the kernel, easily circumventing protections like kernel-space ASLR and WˆX. Attacks that leverage the weak separation between user and kernel space, characterized as return-to-user (ret2usr) attacks, have been the de facto kernel exploitation technique in virtually every major OS, while they are not limited to the x86 platform, but have also targeted ARM and others. Given the multi-OS and cross-architecture nature of ret2usr threats, we propose kGuard: a kernel protection mechanism, realized as a cross-platform compiler extension, which can safeguard any 32or 64-bit OS kernel from ret2usr attacks. kGuard enforces strong address space segregation by instrumenting exploitable control transfers with dynamic ControlFlow Assertions (CFAs). CFAs, a new confinement (inline monitoring) concept that we introduce, act as guards that prevent the unconstrained transition of privileged execution paths to user space. To thwart attacks against itself, kGuard also incorporates two novel code diversification techniques: code inflation and CFA motion. Both countermeasures randomize the location of the inline guards, creating a moving target for an attacker that tries to pinpoint their exact placement to evade kGuard. Evaluation results indicate that kGuard provides comprehensive ret2usr protection with negligible overhead (∼1%). Furthermore, we expose a set of additional kernel design practices that trade stronger isolation for performance, all of which can be harnessed to deconstruct kernel isolation. To demonstrate the significance of the problem, we introduce a new kernel exploitation technique, dubbed return-to-direct-mapped memory (ret2dir), which relies on inherent properties of the memory management (sub)system of modern OSes to bypass every ret2usr defense to date. To illustrate the effectiveness of ret2dir, we outline a principled methodology for constructing reliable exploits against hardened targets. We further apply it on real-world kernel exploits for x86, x86-64, and ARM Linux, transforming them into ret2dir-equivalents that bypass deployed ret2usr protections, like Intel SMEP and ARM PXN. Finally, we introduce the concept of eXclusive Page Frame Ownership (XPFO): a memory management approach that prevents the implicit sharing of page frames among user processes and the kernel, ensuring that user-controlled content can no longer be injected into kernel space using ret2dir. We built XPFO on Linux and implemented a set of optimizations, related to TLB handling and page frame content sanitization, to minimize its performance penalty. Evaluation results show that our proposed defense offers effective protection against ret2dir attacks with low runtime overhead (<3%)." @default.
• W2279059888 created "2016-06-24" @default.
• W2279059888 creator A5006944216 @default.
• W2279059888 date "2015-01-01" @default.
• W2279059888 modified "2023-09-23" @default.
• W2279059888 title "Protecting Commodity Operating Systems through Strong Kernel Isolation" @default.
• W2279059888 cites W103986934 @default.
• W2279059888 cites W1416744215 @default.
• W2279059888 cites W1447175589 @default.
• W2279059888 cites W1487895014 @default.
• W2279059888 cites W1516211918 @default.
• W2279059888 cites W1522250664 @default.
• W2279059888 cites W1535810264 @default.
• W2279059888 cites W1543978366 @default.
• W2279059888 cites W1544471297 @default.
• W2279059888 cites W1573624842 @default.
• W2279059888 cites W1576624296 @default.
• W2279059888 cites W1598046093 @default.
• W2279059888 cites W1608091202 @default.
• W2279059888 cites W1631846088 @default.
• W2279059888 cites W1641762327 @default.
• W2279059888 cites W1655226010 @default.
• W2279059888 cites W1656529189 @default.
• W2279059888 cites W173413620 @default.
• W2279059888 cites W1746694335 @default.
• W2279059888 cites W1823377586 @default.
• W2279059888 cites W1963947298 @default.
• W2279059888 cites W1965076509 @default.
• W2279059888 cites W1976721395 @default.
• W2279059888 cites W1980296610 @default.
• W2279059888 cites W19830081 @default.
• W2279059888 cites W1996027765 @default.
• W2279059888 cites W1996931407 @default.
• W2279059888 cites W1998009565 @default.
• W2279059888 cites W2002915275 @default.
• W2279059888 cites W2015083179 @default.
• W2279059888 cites W2019641142 @default.
• W2279059888 cites W2022292029 @default.
• W2279059888 cites W2025429468 @default.
• W2279059888 cites W2027963645 @default.
• W2279059888 cites W2029224396 @default.
• W2279059888 cites W2036548030 @default.
• W2279059888 cites W2040234252 @default.
• W2279059888 cites W2040555078 @default.
• W2279059888 cites W2056073317 @default.
• W2279059888 cites W2057732821 @default.
• W2279059888 cites W2083355374 @default.
• W2279059888 cites W2101889913 @default.
• W2279059888 cites W2105321788 @default.
• W2279059888 cites W2105545278 @default.
• W2279059888 cites W2108528485 @default.
• W2279059888 cites W2108747667 @default.
• W2279059888 cites W2109219878 @default.
• W2279059888 cites W2110756602 @default.
• W2279059888 cites W2114604089 @default.
• W2279059888 cites W2117115928 @default.
• W2279059888 cites W2121468041 @default.
• W2279059888 cites W2123436168 @default.
• W2279059888 cites W2127321265 @default.
• W2279059888 cites W2136310957 @default.
• W2279059888 cites W2138517425 @default.
• W2279059888 cites W2144006591 @default.
• W2279059888 cites W2144219822 @default.
• W2279059888 cites W2146431583 @default.
• W2279059888 cites W2146878883 @default.
• W2279059888 cites W2152475836 @default.
• W2279059888 cites W2155306121 @default.
• W2279059888 cites W2157185728 @default.
• W2279059888 cites W2159216827 @default.
• W2279059888 cites W2162800072 @default.
• W2279059888 cites W2241531943 @default.
• W2279059888 cites W2273206056 @default.
• W2279059888 cites W2394543764 @default.
• W2279059888 cites W2402520897 @default.
• W2279059888 cites W3023247281 @default.
• W2279059888 cites W6385438 @default.
• W2279059888 cites W70478248 @default.
• W2279059888 cites W2095881341 @default.
• W2279059888 doi "https://doi.org/10.7916/d89c6wz6" @default.
• W2279059888 hasPublicationYear "2015" @default.
• W2279059888 type Work @default.
• W2279059888 sameAs 2279059888 @default.
• W2279059888 citedByCount "6" @default.
• W2279059888 countsByYear W22790598882017 @default.
• W2279059888 countsByYear W22790598882020 @default.
• W2279059888 countsByYear W22790598882021 @default.
• W2279059888 crossrefType "journal-article" @default.
• W2279059888 hasAuthorship W2279059888A5006944216 @default.
• W2279059888 hasConcept C111919701 @default.
• W2279059888 hasConcept C114614502 @default.
• W2279059888 hasConcept C136085584 @default.
• W2279059888 hasConcept C144240696 @default.
• W2279059888 hasConcept C165696696 @default.
• W2279059888 hasConcept C169590947 @default.
• W2279059888 hasConcept C176649486 @default.
• W2279059888 hasConcept C18131444 @default.
• W2279059888 hasConcept C28180684 @default.
• W2279059888 hasConcept C33923547 @default.
• W2279059888 hasConcept C38652104 @default.
• W2279059888 hasConcept C41008148 @default.

• next