Abstract
Modern operating system kernels employ address space layout randomization (ASLR) to prevent control-flow hijacking attacks and code-injection attacks. While kernel security relies fundamentally on preventing access to address information, recent attacks have shown that the hardware directly leaks this information.
Strictly splitting kernel space and user space has recently been proposed as a theoretical concept to close these side channels. However, this is not trivially possible due to architectural restrictions of the x86 platform.
In this paper we present KAISER, a system that overcomes limitations of x86 and provides practical kernel address isolation.
We implemented our proof-of-concept on top of the Linux kernel, closing all hardware side channels on kernel address information.
KAISER enforces a strict kernel and user space isolation such that the hardware does not hold any information about kernel addresses while running in user mode.
We show that KAISER protects against double page fault attacks, prefetch side-channel attacks, and TSX-based side-channel attacks.
Finally, we demonstrate that KAISER has a runtime overhead of only 0.28%.
Original language | English |
---|---|
Title | Engineering Secure Software and Systems - 9th International Symposium, ESSoS 2017, Proceedings |
Publisher | Springer-Verlag Italia |
Pages | 161-176 |
Number of pages | 16 |
Volume | 10379 LNCS |
ISBN (Print) | 9783319621043 |
DOI | 10.1007/978-3-319-62105-0_11 |
Publication status | Published - 2017 |
Event | 9th International Symposium on Engineering Secure Software and Systems, ESSoS 2017 - Bonn, Germany. Duration: 3 Jul 2017 → 5 Jul 2017 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 10379 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 9th International Symposium on Engineering Secure Software and Systems, ESSoS 2017 |
---|---|
Country | Germany |
City | Bonn |
Period | 3/07/17 → 5/07/17 |
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science (all)
Cite this
KASLR is Dead: Long Live KASLR. / Gruss, Daniel; Lipp, Moritz; Schwarz, Michael; Fellner, Richard; Maurice, Clémentine; Mangard, Stefan.
Engineering Secure Software and Systems - 9th International Symposium, ESSoS 2017, Proceedings. Vol. 10379 LNCS. Springer-Verlag Italia, 2017. pp. 161-176 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10379 LNCS). Publication: Contribution to book/report/conference proceedings › Conference contribution › Research › peer-reviewed
TY - GEN
T1 - KASLR is Dead
T2 - Long Live KASLR
AU - Gruss, Daniel
AU - Lipp, Moritz
AU - Schwarz, Michael
AU - Fellner, Richard
AU - Maurice, Clémentine
AU - Mangard, Stefan
PY - 2017
Y1 - 2017
N2 - Modern operating system kernels employ address space layout randomization (ASLR) to prevent control-flow hijacking attacks and code-injection attacks. While kernel security relies fundamentally on preventing access to address information, recent attacks have shown that the hardware directly leaks this information. Strictly splitting kernel space and user space has recently been proposed as a theoretical concept to close these side channels. However, this is not trivially possible due to architectural restrictions of the x86 platform. In this paper we present KAISER, a system that overcomes limitations of x86 and provides practical kernel address isolation. We implemented our proof-of-concept on top of the Linux kernel, closing all hardware side channels on kernel address information. KAISER enforces a strict kernel and user space isolation such that the hardware does not hold any information about kernel addresses while running in user mode. We show that KAISER protects against double page fault attacks, prefetch side-channel attacks, and TSX-based side-channel attacks. Finally, we demonstrate that KAISER has a runtime overhead of only 0.28%.
AB - Modern operating system kernels employ address space layout randomization (ASLR) to prevent control-flow hijacking attacks and code-injection attacks. While kernel security relies fundamentally on preventing access to address information, recent attacks have shown that the hardware directly leaks this information. Strictly splitting kernel space and user space has recently been proposed as a theoretical concept to close these side channels. However, this is not trivially possible due to architectural restrictions of the x86 platform. In this paper we present KAISER, a system that overcomes limitations of x86 and provides practical kernel address isolation. We implemented our proof-of-concept on top of the Linux kernel, closing all hardware side channels on kernel address information. KAISER enforces a strict kernel and user space isolation such that the hardware does not hold any information about kernel addresses while running in user mode. We show that KAISER protects against double page fault attacks, prefetch side-channel attacks, and TSX-based side-channel attacks. Finally, we demonstrate that KAISER has a runtime overhead of only 0.28%.
UR - http://www.scopus.com/inward/record.url?scp=85022336589&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-62105-0_11
DO - 10.1007/978-3-319-62105-0_11
M3 - Conference contribution
SN - 9783319621043
VL - 10379 LNCS
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 161
EP - 176
BT - Engineering Secure Software and Systems - 9th International Symposium, ESSoS 2017, Proceedings
PB - Springer-Verlag Italia
ER -