Arias, Orlando ; Gens, David ; Jin, Yier ; Liebchen, Christopher ; Sadeghi, Ahmad-Reza ; Sullivan, Dean (2017)
LAZARUS: Practical Side-channel Resilient Kernel-Space Randomization.
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Kernel exploits are most commonly used for privilege escalation to take full control over a system, e.g., by conducting a code-reuse attack. For this reason modern kernels are hardened with Kernel Address Space Layout Randomization (KASLR), which randomizes the start address of the kernel code section at boot time. Hence, the attacker first has to bypass the randomization, to conduct the attack using an adjusted payload in a second step. Recently, researchers demonstrated that attackers can use unprivileged instructions to access timing side channels through the paging subsystem of the processor. This can be exploited to reveal the randomization secret, even in the absence of any information-disclosure vulnerabilities in the software. In this paper we present LAZARUS, a novel technique to harden KASLR against paging-based side-channel attacks. In particular, our scheme allows for fine-grained protection of the virtual memory mappings that implement the randomization. We demonstrate the effectiveness of our approach by hardening a recent Linux kernel with LAZARUS, mitigating all of the previously presented side-channel attacks on KASLR. Our extensive evaluation shows that LAZARUS incurs only 0.943% overhead for standard benchmarks, and is therefore highly practical.
Typ des Eintrags: | Konferenzveröffentlichung |
---|---|
Erschienen: | 2017 |
Autor(en): | Arias, Orlando ; Gens, David ; Jin, Yier ; Liebchen, Christopher ; Sadeghi, Ahmad-Reza ; Sullivan, Dean |
Art des Eintrags: | Bibliographie |
Titel: | LAZARUS: Practical Side-channel Resilient Kernel-Space Randomization |
Sprache: | Deutsch |
Publikationsjahr: | September 2017 |
Buchtitel: | 20th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2017) |
Kurzbeschreibung (Abstract): | Kernel exploits are most commonly used for privilege escalation to take full control over a system, e.g., by conducting a code-reuse attack. For this reason modern kernels are hardened with Kernel Address Space Layout Randomization (KASLR), which randomizes the start address of the kernel code section at boot time. Hence, the attacker first has to bypass the randomization, to conduct the attack using an adjusted payload in a second step. Recently, researchers demonstrated that attackers can use unprivileged instructions to access timing side channels through the paging subsystem of the processor. This can be exploited to reveal the randomization secret, even in the absence of any information-disclosure vulnerabilities in the software. In this paper we present LAZARUS, a novel technique to harden KASLR against paging-based side-channel attacks. In particular, our scheme allows for fine-grained protection of the virtual memory mappings that implement the randomization. We demonstrate the effectiveness of our approach by hardening a recent Linux kernel with LAZARUS, mitigating all of the previously presented side-channel attacks on KASLR. Our extensive evaluation shows that LAZARUS incurs only 0.943% overhead for standard benchmarks, and is therefore highly practical. |
Freie Schlagworte: | Solutions; S2;ICRI-SC |
ID-Nummer: | TUD-CS-2017-0115 |
Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Systemsicherheit DFG-Sonderforschungsbereiche (inkl. Transregio) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen |
Hinterlegungsdatum: | 29 Mai 2017 15:58 |
Letzte Änderung: | 02 Mai 2019 11:05 |
PPN: | |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Frage zum Eintrag |
Optionen (nur für Redakteure)
Redaktionelle Details anzeigen |