
KPRM: Kernel Page Restriction Mechanism to Prevent Kernel Memory Corruption

  • Conference paper
  • Advances in Information and Computer Security (IWSEC 2021)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 12835)

Abstract

An operating system (OS) shares the kernel address space with every user process. An adversary's user process can therefore compromise the OS kernel through memory corruption by exploiting a kernel vulnerability, overwriting kernel code that implements security features or kernel data that holds privilege information.

Process-local memory and system call isolation divide the single kernel address space into multiple kernel address spaces. Although each user process then gets its own kernel address space, these methods leave the kernel code itself vulnerable, and an adversary's user process can still run malicious code that escalates from user mode to kernel mode.

Herein, we propose the kernel page restriction mechanism (KPRM), a novel security design that prohibits the execution of vulnerable kernel code and prevents writes to kernel data from an adversary's user process. KPRM dynamically unmaps the kernel pages that hold vulnerable kernel code and attack-target kernel data from the kernel address space, removing the references to those pages from the kernel page table at system call invocation. As a result, an adversary's user process cannot use a reference to an unmapped kernel page to exploit the running kernel through vulnerable kernel code. We implemented KPRM on the latest Linux kernel and showed that it successfully thwarts actual proof-of-concept kernel vulnerability attacks that may cause kernel memory corruption. In addition, the KPRM performance results indicated limited kernel processing overhead in software benchmarks and a low impact on user applications.



Acknowledgment

This work was partially supported by Japan Society for the Promotion of Science (JSPS) KAKENHI Grant Number JP19H04109.

Author information

Corresponding author: Hiroki Kuzuno

Editor information

Editors and Affiliations


Copyright information

© 2021 Springer Nature Switzerland AG


Cite this paper

Kuzuno, H., Yamauchi, T. (2021). KPRM: Kernel Page Restriction Mechanism to Prevent Kernel Memory Corruption. In: Nakanishi, T., Nojima, R. (eds) Advances in Information and Computer Security. IWSEC 2021. Lecture Notes in Computer Science, vol 12835. Springer, Cham. https://doi.org/10.1007/978-3-030-85987-9_3

  • DOI: https://doi.org/10.1007/978-3-030-85987-9_3
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-85986-2
  • Online ISBN: 978-3-030-85987-9
  • eBook Packages: Computer Science (R0)
