Method to Efficiently Protect Applications from Untrusted OS Kernel
Author:
Affiliation:

Fund Project:

National Natural Science Foundation of China (61170070, 61572248, 61431008, 61321491); National Key Technology R&D Program of China (2012BAK26B01); Program B for Outstanding Ph.D. Candidate of Nanjing University of China (2015)

Abstract:

In a commodity OS, the kernel runs at the highest privilege level to manage hardware resources and provide system services. Security-sensitive applications are therefore vulnerable to compromise by the underlying untrusted kernel. In this paper, an approach named AppFort is proposed to protect applications from an untrusted OS kernel. To address the high overheads of existing solutions, AppFort combines an x86 hardware feature (operand address size) with kernel code integrity protection and kernel control flow integrity protection, so that both hardware and software operations of the untrusted kernel can be intercepted and verified. As a result, AppFort efficiently protects an application's memory, control flows and file I/O, even if the kernel is fully compromised. Experimental results demonstrate that AppFort incurs only a very small overhead, much lower than that of previous work.

Citation:

Deng L (邓良), Zeng QK (曾庆凯). Method to Efficiently Protect Applications from Untrusted OS Kernel. Journal of Software (软件学报), 2016, 27(5): 1309-1324
History
  • Received: June 29, 2015
  • Revised: September 23, 2015
  • Online: January 18, 2016
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4