KASLR is Dead: Long Live KASLR

Daniel Gruss*, Moritz Lipp, Michael Schwarz, Richard Fellner, Clémentine Maurice, Stefan Mangard

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Modern operating system kernels employ address space layout randomization (ASLR) to prevent control-flow hijacking attacks and code-injection attacks. While kernel security relies fundamentally on preventing access to address information, recent attacks have shown that the hardware directly leaks this information. Strictly splitting kernel space and user space has recently been proposed as a theoretical concept to close these side channels. However, this is not trivially possible due to architectural restrictions of the x86 platform. In this paper we present KAISER, a system that overcomes limitations of x86 and provides practical kernel address isolation. We implemented our proof-of-concept on top of the Linux kernel, closing all hardware side channels on kernel address information. KAISER enforces a strict kernel and user space isolation such that the hardware does not hold any information about kernel addresses while running in user mode. We show that KAISER protects against double page fault attacks, prefetch side-channel attacks, and TSX-based side-channel attacks. Finally, we demonstrate that KAISER has a runtime overhead of only 0.28%.
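The abstract describes KAISER as a proof of concept on Linux; the mainline Linux feature that grew out of it is kernel page-table isolation (PTI). As an added practitioner check (an editor's example, not code from the paper or its authors), the POSIX shell script below reports whether a running kernel has that isolation switched on. It reads three real kernel interfaces: the `meltdown` entry under `/sys/devices/system/cpu/vulnerabilities/`, the `pti` feature flag in `/proc/cpuinfo`, and the `nopti` / `pti=off` boot arguments in `/proc/cmdline`. The verdict words (`pti-active`, `pti-missing`, and so on) and the function names are this script's own; the parsing functions take file contents as arguments so they can be exercised on constructed input without root or a particular host.

```shell
#!/bin/sh
# Added example (editor's, not from the KAISER paper): report whether a Linux
# kernel runs with page-table isolation (PTI), the mainline descendant of KAISER.
# Sources consulted (all real kernel interfaces):
#   /sys/devices/system/cpu/vulnerabilities/meltdown   "Mitigation: PTI" etc.
#   /proc/cpuinfo                                      "pti" in the flags line
#   /proc/cmdline                                      "nopti" or "pti=off"
# Verdict names below are this script's own convention.

# classify_meltdown TEXT -> mitigated | not-affected | vulnerable | unknown
classify_meltdown() {
    case "$1" in
        "Mitigation: PTI"*) echo mitigated ;;
        "Not affected"*)    echo not-affected ;;
        "Vulnerable"*)      echo vulnerable ;;
        *)                  echo unknown ;;
    esac
}

# cpuinfo_has_pti TEXT -> exit 0 if a "flags" line carries the pti feature bit
# (the kernel sets this synthetic flag only when PTI is enabled)
cpuinfo_has_pti() {
    printf '%s\n' "$1" | grep -E '^flags[[:space:]]*:' \
        | grep -Eq '(^|[[:space:]])pti([[:space:]]|$)'
}

# cmdline_disables_pti TEXT -> exit 0 if the boot arguments switch PTI off
cmdline_disables_pti() {
    printf '%s\n' "$1" \
        | grep -Eq '(^|[[:space:]])(nopti|pti=off)([[:space:]]|$)'
}

# pti_verdict MELTDOWN_TEXT CPUINFO_TEXT CMDLINE_TEXT -> one-word verdict
pti_verdict() {
    case "$(classify_meltdown "$1")" in
        mitigated)    echo pti-active ;;
        not-affected) echo not-needed ;;   # kernel does not enable PTI here
        vulnerable)
            # distinguish an operator opt-out from a kernel lacking the feature
            if cmdline_disables_pti "$3"; then echo pti-disabled-by-cmdline
            else echo pti-missing; fi ;;
        *)
            # kernels predating the sysfs file: fall back to the cpuinfo flag
            if cpuinfo_has_pti "$2"; then echo pti-active-legacy
            else echo unknown; fi ;;
    esac
}

# report_live reads the real files; unreadable files become empty strings
report_live() {
    m=$(cat /sys/devices/system/cpu/vulnerabilities/meltdown 2>/dev/null || true)
    c=$(cat /proc/cpuinfo 2>/dev/null || true)
    k=$(cat /proc/cmdline 2>/dev/null || true)
    printf 'meltdown sysfs : %s\n' "${m:-<absent>}"
    printf 'verdict        : %s\n' "$(pti_verdict "$m" "$c" "$k")"
}

# run against the live system only when asked, e.g.:  sh pti_check.sh --live
if [ "${1-}" = "--live" ]; then
    report_live
fi
```

The sysfs vulnerabilities file is world-readable, so `sh pti_check.sh --live` works as an unprivileged user. Two caveats: on CPUs the kernel reports as "Not affected" it deliberately leaves PTI off, so a missing `pti` flag there is not a misconfiguration; and a `Vulnerable` verdict with `nopti` or `pti=off` on the command line means an operator opted out, which is worth flagging separately from a kernel that never had the feature.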

Original language: English
Title of host publication: Engineering Secure Software and Systems - 9th International Symposium, ESSoS 2017, Proceedings
Publisher: Springer-Verlag Italia
Pages: 161-176
Number of pages: 16
Volume: 10379 LNCS
ISBN (Print): 9783319621043
DOIs: https://doi.org/10.1007/978-3-319-62105-0_11
Publication status: Published - 2017
Event: 9th International Symposium on Engineering Secure Software and Systems, ESSoS 2017 - Bonn, Germany
Duration: 3 Jul 2017 - 5 Jul 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10379 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 9th International Symposium on Engineering Secure Software and Systems, ESSoS 2017
Country: Germany
City: Bonn
Period: 3/07/17 - 5/07/17

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Cite this

Gruss, D., Lipp, M., Schwarz, M., Fellner, R., Maurice, C., & Mangard, S. (2017). KASLR is Dead: Long Live KASLR. In Engineering Secure Software and Systems - 9th International Symposium, ESSoS 2017, Proceedings (Vol. 10379 LNCS, pp. 161-176). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10379 LNCS). Springer-Verlag Italia. https://doi.org/10.1007/978-3-319-62105-0_11