Quantifiable Run-Time Kernel Attack Surface Reduction

Kurmus, Anil; Dechand, Sergej; Kapitza, Rüdiger

doi:10.1007/978-3-319-08509-8_12

Cited by 23 publications

(21 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DRIP [37] eliminates malicious logic from a trojaned kernel driver by iteratively trimming away unnecessary code from the based on off-line profiling. Besides these off-line kernel reduction works, kRazor [43] is an OS mechanism that restricts accesses to kernel code from user-level applications based on run-time profiling of workloads. FACE-CHANGE [36] identifies the minimized kernel memory for each application based on runtime profiling and projects the memory while the application is in production using virtualization techniques.…”

Section: Related Workmentioning

confidence: 99%

Securing Real-Time Microcontroller Systems through Customized Memory View Switching

Kim

Choi

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Real-time microcontrollers have been widely adopted in cyber-physical systems that require both real-time and security guarantees. Unfortunately, security is sometimes traded for real-time performance in such systems. Notably, memory isolation, which is one of the most established security features in modern computer systems, is typically not available in many real-time microcontroller systems due to its negative impacts on performance and violation of real-time constraints. As such, the memory space of these systems has created an open, monolithic attack surface that attackers can target to subvert the entire systems. In this paper, we present MINION, a security architecture that intends to virtually partition the memory space and enforce memory access control of a real-time microcontroller. MINION can automatically identify the reachable memory regions of realtime processes through off-line static analysis on the system's firmware and conduct run-time memory access control through hardware-based enforcement. Our evaluation results demonstrate that, by significantly reducing the memory space that each process can access, MINION can effectively protect a microcontroller from various attacks that were previously viable. In addition, unlike conventional memory isolation mechanisms that might incur substantial performance overhead, the lightweight design of MINION is able to maintain the real-time properties of the microcontroller.

show abstract

Section: Related Workmentioning

confidence: 99%

Securing Real-Time Microcontroller Systems through Customized Memory View Switching

Kim

Choi

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…It can protect the kernel against code injection attacks. KRazor [11] is an approach to reduce the kernel attack surface by limiting the amount of kernel code accessible to an application and can detect and prevent uses of unnecessary kernel functions by a process. Kernel ASLR [12] can protect the important kernel data structures and function-pointers by randomizing the address space layouts of them.…”

Section: Related Workmentioning

confidence: 99%

Security Identifier Randomization: A Method to Prevent Kernel Privilege-Escalation Attacks

Wei

Zuo

Ding

et al. 2016

2016 30th International Conference on Advanced Information Networking and Applications Workshops (WAINA)

View full text Add to dashboard Cite

Privilege escalation attack is one of the serious threats to Linux. So the protection of the root user is an important requirement for Linux systems and SELinux has tackled this issue in some degree. But by exploiting kernel privilege-escalation vulnerabilities, the attackers can tamper security identifiers allocated for the process's security contexts, which are the foundation of SELinux enforcing access control. So we propose security identifier randomization method, which can increase the difficulty of kernel privilege-escalation attacks. This method is application transparent and its influence on overall system performance is within 1%.

show abstract

“…But it cannot defense the attack method proposed in this paper, for the relative address is used in our attack. Other academic achievements, such as kRazor [34] and randomization of structures in kernel [35], are limited to large-scale promotion 9 Wireless Communications and Mobile Computing application for the compatibility with the commercial distribution of Linux.…”

Section: Security Analysismentioning

confidence: 99%

SLR-SELinux: Enhancing the Security Footstone of SEAndroid with Security Label Randomization

Ding

Dong

et al. 2020

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

The root privilege escalation attack is extremely destructive to the security of the Android system. SEAndroid implements mandatory access control to the system through the SELinux security policy at the kernel mode, making the general root privilege escalation attacks unenforceable. However, malicious attackers can exploit the Linux kernel vulnerability of privilege escalation to modify the SELinux security labels of the process arbitrarily to obtain the desired permissions and undermine system security. Therefore, investigating the protection method of the security labels in the SELinux kernel is urgent. And the impact on the existing security configuration of the system must also be reduced. This paper proposes an optimization scheme of the SELinux mechanism based on security label randomization to solve the aforementioned problem. At the system runtime, the system randomizes the mapping of the security labels inside and outside the kernel to protect the privileged security labels of the system from illegal obtainment and tampering by attackers. This method is transparent to users; therefore, users do not need to modify the existing system security configuration. A tamper-proof detection method of SELinux security label is also proposed to further improve the security of the method. It detects and corrects the malicious tampering behaviors of the security label in the critical process of the system timely. The above methods are implemented in the Linux system, and the effectiveness of security defense is proven through theoretical analysis and experimental verification. Numerous experiments show that the effect of this method on system performance is less than 1%, and the success probability of root privilege escalation attack is less than 10−9.

show abstract

Quantifiable Run-Time Kernel Attack Surface Reduction

Cited by 23 publications

References 41 publications

Securing Real-Time Microcontroller Systems through Customized Memory View Switching

Securing Real-Time Microcontroller Systems through Customized Memory View Switching

Security Identifier Randomization: A Method to Prevent Kernel Privilege-Escalation Attacks

SLR-SELinux: Enhancing the Security Footstone of SEAndroid with Security Label Randomization

Contact Info

Product

Resources

About