Abstract
Untrusted kernel extensions remain one of the major threats to the security of commodity OS kernels. Current containment approaches still have limitations in security, granularity and flexibility, primarily because they lack secure resource management and communication methods. This paper presents SILVER, a framework that offers transparent protection domain primitives to achieve fine-grained access control and secure communication between the OS kernel and its extensions. SILVER keeps track of the security properties (e.g., owner principal and integrity level) of data objects in kernel space with a novel security-aware memory management scheme, which enables effective fine-grained access control. Moreover, SILVER introduces secure primitives for data communication between protection domains based on a unified integrity model. SILVER's protection domain primitives provide great flexibility by allowing developers to explicitly define the security properties of individual program data, as well as to control privilege delegation, data transfer and service exportation. We have implemented a prototype of SILVER in Linux. The evaluation results show that SILVER is effective against various kinds of kernel threats with reasonable performance and resource overhead.
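The abstract describes four ingredients: labels (owner principal, integrity level) that the allocator keeps for every kernel object, access checks evaluated against those labels, explicit delegation of rights by an owner, and cross-domain data transfer governed by an integrity model. The C program below is an added, user-space illustration of that design pattern, not SILVER's own code: the header layout, the Biba-style policy (no read down, no write up), the endorsement step, and every name (`pd_alloc`, `pd_check`, `pd_delegate`, `pd_transfer`, `pd_endorse`, `pd_selftest`) are assumptions made for the example.

```c
/* Labeled object allocation with Biba-style access checks and explicit
 * cross-domain transfer/endorsement. Illustration only, not SILVER's
 * implementation: all names, structures and policy details are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { LVL_LOW = 0, LVL_HIGH = 1 };     /* integrity levels, higher = more trusted */
enum { ACC_READ = 1, ACC_WRITE = 2 };   /* access rights */

typedef struct { int id; int level; } domain_t;   /* a protection domain (principal) */

/* Metadata the allocator keeps in front of every payload: owner principal,
 * integrity level of the data, and one explicit delegation (grantee, rights). */
typedef struct {
    uint32_t magic;
    int      owner;
    int      level;
    int      delegate;       /* principal granted access by the owner, or -1 */
    int      delegate_acc;   /* rights granted to that principal */
    size_t   size;
} objhdr_t;

#define OBJ_MAGIC 0x53494C56u   /* "SILV" */

static objhdr_t *hdr_of(void *p) {
    if (!p) return NULL;
    objhdr_t *h = (objhdr_t *)((char *)p - sizeof(objhdr_t));
    return h->magic == OBJ_MAGIC ? h : NULL;
}

/* Allocate an object owned by d and labeled with d's integrity level. */
void *pd_alloc(const domain_t *d, size_t n) {
    objhdr_t *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->magic = OBJ_MAGIC; h->owner = d->id; h->level = d->level;
    h->delegate = -1; h->delegate_acc = 0; h->size = n;
    memset(h + 1, 0, n);
    return h + 1;
}

/* Only the owner may release an object; the label is wiped so a stale
 * pointer no longer passes hdr_of(). */
int pd_free(const domain_t *d, void *p) {
    objhdr_t *h = hdr_of(p);
    if (!h || h->owner != d->id) return 0;
    h->magic = 0;
    free(h);
    return 1;
}

/* Access check: Biba no-read-down / no-write-up on integrity levels, then
 * ownership: a non-owner gets access only through an explicit delegation. */
int pd_check(const domain_t *d, void *p, int acc) {
    objhdr_t *h = hdr_of(p);
    if (!h) return 0;
    if ((acc & ACC_READ)  && h->level < d->level) return 0;
    if ((acc & ACC_WRITE) && h->level > d->level) return 0;
    if (h->owner == d->id) return 1;
    return h->delegate == d->id && (h->delegate_acc & acc) == acc;
}

/* The owner explicitly delegates rights on one object to another principal;
 * the integrity checks in pd_check() still apply to the delegate. */
int pd_delegate(const domain_t *owner, void *p, const domain_t *to, int acc) {
    objhdr_t *h = hdr_of(p);
    if (!h || h->owner != owner->id) return 0;
    h->delegate = to->id; h->delegate_acc = acc;
    return 1;
}

/* Transfer: copy an object into the receiving domain. The copy is labeled with
 * the minimum of the source data's level and the receiver's level, so data
 * that came from a low-integrity extension stays low until endorsed. */
void *pd_transfer(const domain_t *from, void *p, const domain_t *to) {
    objhdr_t *h = hdr_of(p);
    if (!h || !pd_check(from, p, ACC_READ)) return NULL;
    void *q = pd_alloc(to, h->size);
    if (!q) return NULL;
    memcpy(q, p, h->size);
    hdr_of(q)->level = h->level < to->level ? h->level : to->level;
    return q;
}

/* Endorsement: after validating the contents, the owner raises the object to
 * its own level. This is the only path by which low-integrity input is trusted. */
int pd_endorse(const domain_t *d, void *p) {
    objhdr_t *h = hdr_of(p);
    if (!h || h->owner != d->id || h->level > d->level) return 0;
    h->level = d->level;
    return 1;
}

/* Walks a kernel/extension scenario with constructed data; returns 0 on
 * success, otherwise the number of the step whose outcome was wrong. */
int pd_selftest(void) {
    const domain_t kernel = {1, LVL_HIGH}, ext = {2, LVL_LOW};
    void *kbuf = pd_alloc(&kernel, 64), *ebuf = pd_alloc(&ext, 32);
    if (!kbuf || !ebuf) return 1;
    if (pd_check(&ext, kbuf, ACC_WRITE))              return 2;  /* no write up */
    if (pd_check(&ext, kbuf, ACC_READ))               return 3;  /* not delegated yet */
    if (!pd_delegate(&kernel, kbuf, &ext, ACC_READ))  return 4;
    if (!pd_check(&ext, kbuf, ACC_READ))              return 5;  /* delegated read works */
    if (pd_check(&ext, kbuf, ACC_WRITE))              return 6;  /* delegation cannot beat Biba */
    strcpy(ebuf, "untrusted input");                              /* constructed extension data */
    void *in = pd_transfer(&ext, ebuf, &kernel);
    if (!in)                                          return 7;
    if (pd_check(&kernel, in, ACC_READ))              return 8;  /* low copy: no read down */
    if (!pd_endorse(&kernel, in))                     return 9;
    if (!pd_check(&kernel, in, ACC_READ) || strcmp(in, "untrusted input") != 0) return 10;
    if (pd_free(&ext, kbuf))                          return 11; /* only the owner frees */
    pd_free(&kernel, kbuf); pd_free(&kernel, in); pd_free(&ext, ebuf);
    return 0;
}

int main(void) {
    int rc = pd_selftest();
    if (rc) printf("self-test failed at step %d\n", rc);
    else puts("self-test passed");
    return rc;
}
```

The point of the transfer/endorse split is the one the abstract's "unified integrity model" implies: a kernel domain cannot consume extension-supplied data by accident, because the copy it receives is labeled low and fails its own read check until the kernel explicitly endorses it after validation. In a real kernel the label would live in allocator metadata (per-slab or per-object) and the checks would be enforced by the memory protection mechanism rather than by a function call.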
© 2013 Springer-Verlag Berlin Heidelberg
Xiong, X., Liu, P. (2013). SILVER: Fine-Grained and Transparent Protection Domain Primitives in Commodity OS Kernel. In: Stolfo, S.J., Stavrou, A., Wright, C.V. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2013. Lecture Notes in Computer Science, vol 8145. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41284-4_6
DOI: https://doi.org/10.1007/978-3-642-41284-4_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41283-7
Online ISBN: 978-3-642-41284-4