KDPM: Kernel Data Protection Mechanism Using a Memory Protection Key

Hiroki Kuzuno, Toshihiro Yamauchi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The kernel data of an operating system kernel can be modified through memory corruption by exploiting kernel vulnerabilities. Memory corruption allows privilege escalation and defeats security mechanisms. The kernel control flow integrity verifies and guarantees the order of invoking kernel codes. The kernel address space layout randomization randomizes the virtual address layout of the kernel code and data. The additional kernel observer focuses on the unintended privilege modifications to restore the original privileges. However, these existing security mechanisms do not prevent writing to the kernel data. Therefore, kernel data can be overwritten by exploiting kernel vulnerabilities. Additionally, privilege escalation and the defeat of security mechanisms are possible. We propose a kernel data protection mechanism (KDPM), which is a novel security design that restricts the writing of specific kernel data. This mechanism protects privileged information and the security mechanism to overcome the limitations of existing approaches. The KDPM adopts a memory protection key (MPK) to control the write restriction of kernel data. The KDPM with the MPK ensures that the writing of privileged information for user processes is dynamically restricted during the invocation of specific system calls. To prevent the security mechanisms from being defeated, the KDPM dynamically restricts the writing of kernel data related to the mandatory access control during the execution of specific kernel codes. Further, the KDPM is implemented on the latest Linux with an MPK emulator. We also evaluated the possibility of preventing the writing of privileged information. The KDPM showed an acceptable performance cost, measured by the overhead, which was from 2.96% to 9.01% of system call invocations, whereas the performance load on the MPK operations was 22.1 ns to 1347.9 ns.

Original languageEnglish
Title of host publicationAdvances in Information and Computer Security - 17th International Workshop on Security, IWSEC 2022, Proceedings
EditorsChen-Mou Cheng, Mitsuaki Akiyama
PublisherSpringer Science and Business Media Deutschland GmbH
Pages66-84
Number of pages19
ISBN (Print)9783031152542
DOIs
Publication statusPublished - 2022
Event17th International Workshop on Security, IWSEC 2022 - Tokyo, Japan
Duration: Aug 31 2022Sep 2 2022

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13504 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference17th International Workshop on Security, IWSEC 2022
Country/TerritoryJapan
CityTokyo
Period8/31/229/2/22

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint

Dive into the research topics of 'KDPM: Kernel Data Protection Mechanism Using a Memory Protection Key'. Together they form a unique fingerprint.

Cite this