KPRM: Kernel Page Restriction Mechanism to Prevent Kernel Memory Corruption

Hiroki Kuzuno, Toshihiro Yamauchi


1 被引用数 (Scopus)


An operating system (OS) comprises a mechanism for sharing the kernel address space with each user process. An adversary’s user process compromises the OS kernel through memory corruption, exploiting the kernel vulnerability. It overwrites the kernel code related to security features or the kernel data containing privilege information. Process-local memory and system call isolation divide one kernel address space into multiple kernel address spaces. While user processes create their own kernel address space, these methods leave the kernel code vulnerable. Further, an adversary’s user process can involve malicious code that elevates from user mode to kernel mode. Herein, we propose the kernel page restriction mechanism (KPRM), which is a novel security design that prohibits vulnerable kernel code execution and prevents writing to the kernel data from an adversary’s user process. The KPRM dynamically unmaps the kernel page of vulnerable kernel code and attack target kernel data from the kernel address space. This removes the reference of the unmapped kernel page from the kernel page table at the system call invocation. The KPRM achieves that an adversary’s user process can not employ the reference of unmapped kernel page to exploit the kernel through vulnerable kernel code on the running kernel. We implemented KPRM on the latest Linux kernel and showed that it successfully thwarts actual proof-of-concept kernel vulnerability attacks that may cause kernel memory corruption. In addition, the KPRM performance results indicated limited kernel processing overhead in software benchmarks and a low impact on user applications.

ホスト出版物のタイトルAdvances in Information and Computer Security - 16th International Workshop on Security, IWSEC 2021, Proceedings
編集者Toru Nakanishi, Ryo Nojima
出版社Springer Science and Business Media Deutschland GmbH
出版ステータスPublished - 2021
イベント16th International Workshop on Security, IWSEC 2021 - Virtual, Online
継続期間: 9月 8 20219月 10 2021


名前Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
12835 LNCS


Conference16th International Workshop on Security, IWSEC 2021
CityVirtual, Online

ASJC Scopus subject areas

  • 理論的コンピュータサイエンス
  • コンピュータ サイエンス(全般)


「KPRM: Kernel Page Restriction Mechanism to Prevent Kernel Memory Corruption」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。