research-article

RegVault: hardware assisted selective data randomization for operating system kernels

Authors:

Kui RenAuthors Info & Claims

DAC '22: Proceedings of the 59th ACM/IEEE Design Automation Conference

Pages 715 - 720

https://doi.org/10.1145/3489517.3530549

Published: 23 August 2022 Publication History

Abstract

This paper presents RegVault, a hardware-assisted lightweight data randomization scheme for OS kernels. RegVault introduces novel cryptographically strong hardware primitives to protect both the confidentiality and integrity of register-grained data. RegVault leverages annotations to mark sensitive data and instruments their loads and stores automatically. Moreover, RegVault also introduces new techniques to protect the interrupt context and safeguard the sensitive data spilling. We implement a prototype of RegVault by extending RISC-V architecture to protect six types of sensitive data in Linux kernel. Our evaluations show that RegVault can defend against the kernel data attacks effectively with a minimal performance overhead.

References

[1]

Roberto Avanzi. The qarma block cipher family. almost mds matrices over rings with zero divisors, nearly symmetric even-mansour constructions with non-involutory central rounds, and search heuristics for low-latency s-boxes. IACR Transactions on Symmetric Cryptology, 2017(1):4--44, Mar. 2017.

[2]

Brandon Azad. ios kernel pac, one year later. https://i.blackhat.com/USA-20/Wednesday/us-20-Azad-iOS-Kernel-PAC-One-Year-Later.pdf, 2020.

[3]

Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, and Louis Wingers. The simon and speck families of lightweight block ciphers. Cryptology ePrint Archive, Report 2013/404, 2013. https://ia.cr/2013/404.

[4]

Christof Beierle, Gregor Leander, Amir Moradi, and Shahram Rasoolzadeh. Craft: Lightweight tweakable block cipher with efficient protection against dfa attacks. Cryptology ePrint Archive, Report 2019/210, 2019. https://ia.cr/2019/210.

[5]

Brian Belleville, Hyungon Moon, Jangseop Shin, Dongil Hwang, Joseph M Nash, Seonhwa Jung, Yeoul Na, Stijn Volckaert, Per Larsen, Yunheung Paek, et al. Hardware assisted randomization of data. In International Symposium on Research in Attacks, Intrusions, and Defenses, pages 337--358. Springer, 2018.

[6]

Sandeep Bhatkar and R Sekar. Data space randomization. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pages 1--22. Springer, 2008.

Digital Library

[7]

Scott A Carr and Mathias Payer. Datashield: Configurable data confidentiality and integrity. In Proceedings of the ASIACCS, pages 193--204, 2017.

[8]

Microsoft Corporation. A proactive approach to more secure code. https://msrcblog.microsoft.com/2019/07/16/a-proactive-approach-to-more-secure-code/.

[9]

Rémi Denis-Courmont, Hans Liljestrand, Carlos Chinea, and Jan-Erik Ekberg. Camouflage: Hardware-assisted cfi for the arm linux kernel. In Proceedings of DAC. IEEE Press, 2020.

[10]

Mark Gallagher, Lauren Biernacki, Shibo Chen, Zelalem Birhanu Aweke, Salessawi Ferede Yitbarek, Misiker Tadesse Aga, Austin Harris, et al. Morpheus: A vulnerability-tolerant secure architecture based on ensembles of moving target defenses with churn. In Proceedings of the ASPLOS, pages 469--484, 2019.

[11]

Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar, and Dawn Song. Code-pointer integrity. In 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14), pages 147--163, Broomfield, CO, October 2014. USENIX Association.

Digital Library

[12]

Hans Liljestrand, Thomas Nyman, Lachlan J Gunn, Jan-Erik Ekberg, and N Asokan. Pacstack: an authenticated call stack. In 30th {USENIX} Security Symposium ({USENIX} Security 21), 2021.

[13]

Hans Liljestrand, Thomas Nyman, Kui Wang, Carlos Chinea Perez, Jan-Erik Ekberg, and N. Asokan. PAC it up: Towards pointer integrity using ARM pointer authentication. In 28th USENIX Security Symposium (USENIX Security 19), pages 177--194, Santa Clara, CA, August 2019. USENIX Association.

[14]

Ali Jose Mashtizadeh, Andrea Bittau, Dan Boneh, and David Mazières. CCFI: Cryptographically enforced control flow integrity. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015.

Digital Library

[15]

Enrique E. Nissim Nicolas A. Economou. Getting physical: extreme abuse of intel based paging systems. https://www.coresecurity.com/core-labs/articles/getting-physical-extreme-abuse-of-intel-based-paging-systems, 2016.

[16]

Tapti Palit, Fabian Monrose, and Michalis Polychronakis. Mitigating data leakage by protecting memory-resident sensitive data. In Proceedings of the 35th Annual Computer Security Applications Conference, pages 598--611, 2019.

Digital Library

[17]

Tapti Palit, Jarin Firose Moon, Fabian Monrose, and Michalis Polychronakis. Dynpta: Combining static and dynamic analysis for practical selective data protection. In 2021 IEEE Symposium on Security and Privacy (SP), 2021.

[18]

Inc. Qualcomm Technologies. Pointer authentication on armv8.3. https://www.qualcomm.com/media/documents/files/whitepaper-pointer-authentication-on-armv8-3.pdf, 2017.

[19]

Prabhu Rajasekaran, Stephen Crane, David Gens, Yeoul Na, Stijn Volckaert, and Michael Franz. Codarr: Continuous data space randomization against data-only attacks. In Proceedings of ASIACCS, pages 494--505, 2020.

Digital Library

[20]

Gokhan Sayilar and Derek Chiou. Cryptoraptor: High throughput reconfigurable cryptographic processor. In 2014 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pages 155--161, 2014.

[21]

INetCop Security. New reliable android kernel root exploitation techniques. http://powerofcommunity.net/poc2016/x82.pdf.

[22]

Di Shen. Defeating samsung knox with zero privilege. https://www.blackhat.com/docs/us-17/thursday/us-17-Shen-Defeating-Samsung-KNOX-With-Zero-Privilege.pdf.

[23]

John Wilander, Nick Nikiforakis, Yves Younan, Mariam Kamkar, and Wouter Joosen. Ripe: Runtime intrusion prevention evaluator. In ACSAC, 2011.

Digital Library

Cited By

Chen HWen YCheng LKuang SLiu YLi WLi LZhang RSong XLi WGuo QChen YSalakhutdinov RKolter ZHeller KWeller AOliver NScarlett JBerkenkamp F(2024)AutoOSProceedings of the 41st International Conference on Machine Learning10.5555/3692070.3692362(7511-7525)Online publication date: 21-Jul-2024
https://dl.acm.org/doi/10.5555/3692070.3692362
Lim HKim JLee HLuo BLiao XXu JKirda ELie D(2024)uMMU: Securing Data Confidentiality with Unobservable Memory SubsystemProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690340(2993-3007)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690340
Zhang XGong HChang RZhou Y(2024)RECAST: Mitigating Conflict-Based Cache Attacks Through Fine-Grained Dynamic MappingIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.336886219(3758-3771)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3368862
Show More Cited By

Recommendations

A new unpredictability-based radio frequency identification forward privacy model and a provably secure construction

The privacy model of radio frequency identification RFID systems is for formalizing the adversarial capabilities and the security requirements of RFID anonymity and untraceability. Existing unpredictability-based privacy models such as unp-privacy, eunp-...
Personalised anonymity for microdata release

Individual privacy protection in the released data sets has become an important issue in recent years. The release of microdata provides a significant information resource for researchers, whereas the release of person‐specific data poses a threat to ...
Linux on HP Integrity Servers

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DAC '22: Proceedings of the 59th ACM/IEEE Design Automation Conference

July 2022

1462 pages

ISBN:9781450391429

DOI:10.1145/3489517

General Chair:
Rob Oshana
NXP

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGDA: ACM Special Interest Group on Design Automation
IEEE CEDA

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 August 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

National Natural Science Foundation of China

Conference

DAC '22

Sponsor:

SIGDA

DAC '22: 59th ACM/IEEE Design Automation Conference

July 10 - 14, 2022

California, San Francisco

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%

Upcoming Conference

DAC '25

Sponsor:
sigda

62nd ACM/IEEE Design Automation Conference

June 22 - 26, 2025

San Francisco , CA , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
188
Total Downloads

Downloads (Last 12 months)49
Downloads (Last 6 weeks)2

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Chen HWen YCheng LKuang SLiu YLi WLi LZhang RSong XLi WGuo QChen YSalakhutdinov RKolter ZHeller KWeller AOliver NScarlett JBerkenkamp F(2024)AutoOSProceedings of the 41st International Conference on Machine Learning10.5555/3692070.3692362(7511-7525)Online publication date: 21-Jul-2024
https://dl.acm.org/doi/10.5555/3692070.3692362
Lim HKim JLee HLuo BLiao XXu JKirda ELie D(2024)uMMU: Securing Data Confidentiality with Unobservable Memory SubsystemProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690340(2993-3007)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690340
Zhang XGong HChang RZhou Y(2024)RECAST: Mitigating Conflict-Based Cache Attacks Through Fine-Grained Dynamic MappingIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.336886219(3758-3771)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3368862
Geden MRasmussen K(2023)RegGuardComputers and Security10.1016/j.cose.2023.103213129:COnline publication date: 1-Jun-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103213

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten