KDPM: Kernel Data Protection Mechanism Using a Memory Protection Key

Hiroki Kuzuno; Toshihiro Yamauchi

doi:10.1007/978-3-031-15255-9_4

KDPM: Kernel Data Protection Mechanism Using a Memory Protection Key

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The kernel data of an operating system kernel can be modified through memory corruption by exploiting kernel vulnerabilities. Memory corruption allows privilege escalation and defeats security mechanisms. The kernel control flow integrity verifies and guarantees the order of invoking kernel codes. The kernel address space layout randomization randomizes the virtual address layout of the kernel code and data. The additional kernel observer focuses on the unintended privilege modifications to restore the original privileges. However, these existing security mechanisms do not prevent writing to the kernel data. Therefore, kernel data can be overwritten by exploiting kernel vulnerabilities. Additionally, privilege escalation and the defeat of security mechanisms are possible. We propose a kernel data protection mechanism (KDPM), which is a novel security design that restricts the writing of specific kernel data. This mechanism protects privileged information and the security mechanism to overcome the limitations of existing approaches. The KDPM adopts a memory protection key (MPK) to control the write restriction of kernel data. The KDPM with the MPK ensures that the writing of privileged information for user processes is dynamically restricted during the invocation of specific system calls. To prevent the security mechanisms from being defeated, the KDPM dynamically restricts the writing of kernel data related to the mandatory access control during the execution of specific kernel codes. Further, the KDPM is implemented on the latest Linux with an MPK emulator. We also evaluated the possibility of preventing the writing of privileged information. The KDPM showed an acceptable performance cost, measured by the overhead, which was from 2.96% to 9.01% of system call invocations, whereas the performance load on the MPK operations was 22.1 ns to 1347.9 ns.

Original language	English
Title of host publication	Advances in Information and Computer Security - 17th International Workshop on Security, IWSEC 2022, Proceedings
Editors	Chen-Mou Cheng, Mitsuaki Akiyama
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	66-84
Number of pages	19
ISBN (Print)	9783031152542
DOIs	https://doi.org/10.1007/978-3-031-15255-9_4
Publication status	Published - 2022
Event	17th International Workshop on Security, IWSEC 2022 - Tokyo, Japan Duration: Aug 31 2022 → Sept 2 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13504 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	17th International Workshop on Security, IWSEC 2022
Country/Territory	Japan
City	Tokyo
Period	8/31/22 → 9/2/22

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-031-15255-9_4

Cite this

Kuzuno, H., & Yamauchi, T. (2022). KDPM: Kernel Data Protection Mechanism Using a Memory Protection Key. In C-M. Cheng, & M. Akiyama (Eds.), Advances in Information and Computer Security - 17th International Workshop on Security, IWSEC 2022, Proceedings (pp. 66-84). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13504 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-15255-9_4

KDPM: Kernel Data Protection Mechanism Using a Memory Protection Key. / Kuzuno, Hiroki; Yamauchi, Toshihiro.
Advances in Information and Computer Security - 17th International Workshop on Security, IWSEC 2022, Proceedings. ed. / Chen-Mou Cheng; Mitsuaki Akiyama. Springer Science and Business Media Deutschland GmbH, 2022. p. 66-84 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13504 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kuzuno, H & Yamauchi, T 2022, KDPM: Kernel Data Protection Mechanism Using a Memory Protection Key. in C-M Cheng & M Akiyama (eds), Advances in Information and Computer Security - 17th International Workshop on Security, IWSEC 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13504 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 66-84, 17th International Workshop on Security, IWSEC 2022, Tokyo, Japan, 8/31/22. https://doi.org/10.1007/978-3-031-15255-9_4

Kuzuno H, Yamauchi T. KDPM: Kernel Data Protection Mechanism Using a Memory Protection Key. In Cheng C-M, Akiyama M, editors, Advances in Information and Computer Security - 17th International Workshop on Security, IWSEC 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 66-84. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-15255-9_4

Kuzuno, Hiroki ; Yamauchi, Toshihiro. / KDPM : Kernel Data Protection Mechanism Using a Memory Protection Key. Advances in Information and Computer Security - 17th International Workshop on Security, IWSEC 2022, Proceedings. editor / Chen-Mou Cheng ; Mitsuaki Akiyama. Springer Science and Business Media Deutschland GmbH, 2022. pp. 66-84 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{b16a5c8e52b24703b7cd6c2109798c2d,

title = "KDPM: Kernel Data Protection Mechanism Using a Memory Protection Key",

abstract = "The kernel data of an operating system kernel can be modified through memory corruption by exploiting kernel vulnerabilities. Memory corruption allows privilege escalation and defeats security mechanisms. The kernel control flow integrity verifies and guarantees the order of invoking kernel codes. The kernel address space layout randomization randomizes the virtual address layout of the kernel code and data. The additional kernel observer focuses on the unintended privilege modifications to restore the original privileges. However, these existing security mechanisms do not prevent writing to the kernel data. Therefore, kernel data can be overwritten by exploiting kernel vulnerabilities. Additionally, privilege escalation and the defeat of security mechanisms are possible. We propose a kernel data protection mechanism (KDPM), which is a novel security design that restricts the writing of specific kernel data. This mechanism protects privileged information and the security mechanism to overcome the limitations of existing approaches. The KDPM adopts a memory protection key (MPK) to control the write restriction of kernel data. The KDPM with the MPK ensures that the writing of privileged information for user processes is dynamically restricted during the invocation of specific system calls. To prevent the security mechanisms from being defeated, the KDPM dynamically restricts the writing of kernel data related to the mandatory access control during the execution of specific kernel codes. Further, the KDPM is implemented on the latest Linux with an MPK emulator. We also evaluated the possibility of preventing the writing of privileged information. The KDPM showed an acceptable performance cost, measured by the overhead, which was from 2.96% to 9.01% of system call invocations, whereas the performance load on the MPK operations was 22.1 ns to 1347.9 ns.",

author = "Hiroki Kuzuno and Toshihiro Yamauchi",

note = "Funding Information: Acknowledgment. This work was partially supported by the Japan Society for the Promotion of Science (JSPS) KAKENHI Grant Number JP19H04109 and JP22H03592. Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 17th International Workshop on Security, IWSEC 2022 ; Conference date: 31-08-2022 Through 02-09-2022",

year = "2022",

doi = "10.1007/978-3-031-15255-9_4",

language = "English",

isbn = "9783031152542",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "66--84",

editor = "Chen-Mou Cheng and Mitsuaki Akiyama",

booktitle = "Advances in Information and Computer Security - 17th International Workshop on Security, IWSEC 2022, Proceedings",

address = "Germany",

}

TY - GEN

T1 - KDPM

T2 - 17th International Workshop on Security, IWSEC 2022

AU - Kuzuno, Hiroki

AU - Yamauchi, Toshihiro

N1 - Funding Information: Acknowledgment. This work was partially supported by the Japan Society for the Promotion of Science (JSPS) KAKENHI Grant Number JP19H04109 and JP22H03592. Publisher Copyright: © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

PY - 2022

Y1 - 2022

N2 - The kernel data of an operating system kernel can be modified through memory corruption by exploiting kernel vulnerabilities. Memory corruption allows privilege escalation and defeats security mechanisms. The kernel control flow integrity verifies and guarantees the order of invoking kernel codes. The kernel address space layout randomization randomizes the virtual address layout of the kernel code and data. The additional kernel observer focuses on the unintended privilege modifications to restore the original privileges. However, these existing security mechanisms do not prevent writing to the kernel data. Therefore, kernel data can be overwritten by exploiting kernel vulnerabilities. Additionally, privilege escalation and the defeat of security mechanisms are possible. We propose a kernel data protection mechanism (KDPM), which is a novel security design that restricts the writing of specific kernel data. This mechanism protects privileged information and the security mechanism to overcome the limitations of existing approaches. The KDPM adopts a memory protection key (MPK) to control the write restriction of kernel data. The KDPM with the MPK ensures that the writing of privileged information for user processes is dynamically restricted during the invocation of specific system calls. To prevent the security mechanisms from being defeated, the KDPM dynamically restricts the writing of kernel data related to the mandatory access control during the execution of specific kernel codes. Further, the KDPM is implemented on the latest Linux with an MPK emulator. We also evaluated the possibility of preventing the writing of privileged information. The KDPM showed an acceptable performance cost, measured by the overhead, which was from 2.96% to 9.01% of system call invocations, whereas the performance load on the MPK operations was 22.1 ns to 1347.9 ns.

AB - The kernel data of an operating system kernel can be modified through memory corruption by exploiting kernel vulnerabilities. Memory corruption allows privilege escalation and defeats security mechanisms. The kernel control flow integrity verifies and guarantees the order of invoking kernel codes. The kernel address space layout randomization randomizes the virtual address layout of the kernel code and data. The additional kernel observer focuses on the unintended privilege modifications to restore the original privileges. However, these existing security mechanisms do not prevent writing to the kernel data. Therefore, kernel data can be overwritten by exploiting kernel vulnerabilities. Additionally, privilege escalation and the defeat of security mechanisms are possible. We propose a kernel data protection mechanism (KDPM), which is a novel security design that restricts the writing of specific kernel data. This mechanism protects privileged information and the security mechanism to overcome the limitations of existing approaches. The KDPM adopts a memory protection key (MPK) to control the write restriction of kernel data. The KDPM with the MPK ensures that the writing of privileged information for user processes is dynamically restricted during the invocation of specific system calls. To prevent the security mechanisms from being defeated, the KDPM dynamically restricts the writing of kernel data related to the mandatory access control during the execution of specific kernel codes. Further, the KDPM is implemented on the latest Linux with an MPK emulator. We also evaluated the possibility of preventing the writing of privileged information. The KDPM showed an acceptable performance cost, measured by the overhead, which was from 2.96% to 9.01% of system call invocations, whereas the performance load on the MPK operations was 22.1 ns to 1347.9 ns.

UR - http://www.scopus.com/inward/record.url?scp=85136930048&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85136930048&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-15255-9_4

DO - 10.1007/978-3-031-15255-9_4

M3 - Conference contribution

AN - SCOPUS:85136930048

SN - 9783031152542

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 66

EP - 84

BT - Advances in Information and Computer Security - 17th International Workshop on Security, IWSEC 2022, Proceedings

A2 - Cheng, Chen-Mou

A2 - Akiyama, Mitsuaki

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 31 August 2022 through 2 September 2022

ER -

KDPM: Kernel Data Protection Mechanism Using a Memory Protection Key

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this