
Policy-Centric Protection of OS Kernel from Vulnerable Loadable Kernel Modules

  • Conference paper
Information Security Practice and Experience (ISPEC 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6672)


Abstract

Because the kernel space lacks a protection mechanism, loadable kernel modules (LKMs) may be exploited through implicit or explicit vulnerabilities, seriously affecting the security of the OS kernel. Although many systems have been developed to address this problem, some challenges remain. a) How can a security policy be generated automatically before it is enforced on the kernel module? b) How can the interactions between the kernel module and the OS kernel be properly mediated to ensure policy consistency without modifying (or with minimal changes to) the existing OS, hardware, and kernel module structure? In this paper, we present LKMG, a policy-centric system that can protect a commodity OS kernel from vulnerable loadable kernel modules. More powerful than previous systems, LKMG is able to generate a security policy from the kernel module and then enforce the policy during the kernel module’s execution. The working process of LKMG can be divided into two stages. First, we use static analysis to extract the kernel code and data access patterns from a kernel module’s source code, and then combine these patterns with the related memory address information to generate a security policy. Second, by leveraging hardware-based virtualization technology, LKMG isolates the kernel module from the rest of the kernel and then forces the kernel module’s execution to obey the derived policy. The experiments show that our system can defend effectively against various loadable kernel module exploits with moderate performance overhead.

This work was supported by AFOSR FA9550-07-1-0527 (MURI), ARO W911NF-09-1-0525 (MURI), NSF CNS-0905131, and AFRL FA8750-08-C-0137.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tian, D., Xiong, X., Hu, C., Liu, P. (2011). Policy-Centric Protection of OS Kernel from Vulnerable Loadable Kernel Modules. In: Bao, F., Weng, J. (eds) Information Security Practice and Experience. ISPEC 2011. Lecture Notes in Computer Science, vol 6672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21031-0_24


  • DOI: https://doi.org/10.1007/978-3-642-21031-0_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21030-3

  • Online ISBN: 978-3-642-21031-0

  • eBook Packages: Computer Science, Computer Science (R0)
