TU Darmstadt / ULB / TUbiblio

LAZARUS: Practical Side-channel Resilient Kernel-Space Randomization

Arias, Orlando and Gens, David and Jin, Yier and Liebchen, Christopher and Sadeghi, Ahmad-Reza and Sullivan, Dean :
LAZARUS: Practical Side-channel Resilient Kernel-Space Randomization.
20th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2017)
[Conference or Workshop Item] , (2017)

Abstract

Kernel exploits are most commonly used for privilege escalation to take full control over a system, e.g., by conducting a code-reuse attack. For this reason modern kernels are hardened with Kernel Address Space Layout Randomization (KASLR), which randomizes the start address of the kernel code section at boot time. Hence, the attacker first has to bypass the randomization, to conduct the attack using an adjusted payload in a second step. Recently, researchers demonstrated that attackers can use unprivileged instructions to access timing side channels through the paging subsystem of the processor. This can be exploited to reveal the randomization secret, even in the absence of any information-disclosure vulnerabilities in the software. In this paper we present LAZARUS, a novel technique to harden KASLR against paging-based side-channel attacks. In particular, our scheme allows for fine-grained protection of the virtual memory mappings that implement the randomization. We demonstrate the effectiveness of our approach by hardening a recent Linux kernel with LAZARUS, mitigating all of the previously presented side-channel attacks on KASLR. Our extensive evaluation shows that LAZARUS incurs only 0.943% overhead for standard benchmarks, and is therefore highly practical.

Item Type: Conference or Workshop Item
Erschienen: 2017
Creators: Arias, Orlando and Gens, David and Jin, Yier and Liebchen, Christopher and Sadeghi, Ahmad-Reza and Sullivan, Dean
Title: LAZARUS: Practical Side-channel Resilient Kernel-Space Randomization
Language: German
Abstract:

Kernel exploits are most commonly used for privilege escalation to take full control over a system, e.g., by conducting a code-reuse attack. For this reason modern kernels are hardened with Kernel Address Space Layout Randomization (KASLR), which randomizes the start address of the kernel code section at boot time. Hence, the attacker first has to bypass the randomization, to conduct the attack using an adjusted payload in a second step. Recently, researchers demonstrated that attackers can use unprivileged instructions to access timing side channels through the paging subsystem of the processor. This can be exploited to reveal the randomization secret, even in the absence of any information-disclosure vulnerabilities in the software. In this paper we present LAZARUS, a novel technique to harden KASLR against paging-based side-channel attacks. In particular, our scheme allows for fine-grained protection of the virtual memory mappings that implement the randomization. We demonstrate the effectiveness of our approach by hardening a recent Linux kernel with LAZARUS, mitigating all of the previously presented side-channel attacks on KASLR. Our extensive evaluation shows that LAZARUS incurs only 0.943% overhead for standard benchmarks, and is therefore highly practical.

Title of Book: 20th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2017)
Uncontrolled Keywords: S2;ICRI-SC
Divisions: Department of Computer Science
Department of Computer Science > System Security Lab
DFG-Collaborative Research Centres (incl. Transregio)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
DFG-Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > CRC 1119: CROSSING – Cryptography-Based Security Solutions: Enabling Trust in New and Next Generation Computing Environments
Date Deposited: 29 May 2017 15:58
Identification Number: TUD-CS-2017-0115
Export:

Optionen (nur für Redakteure)

View Item View Item