近年来，许多针对内存错误的应用程序级对策的部署以及内核中发现的漏洞数量不断增加，重新激发了对内核级利用的兴趣。不幸的是，由于该领域相对较新的发展和所涉及的挑战，不存在全面和完善的机制来保护操作系统免受任意攻击。

在本文中，我们提出了操作系统 (OS) 内细粒度地址空间随机化 (ASR) 的第一个设计，为经典和新兴攻击（例如面向返回编程）提供了有效而全面的对策。为了激励我们的设计，我们调查了与应用程序级 ASR 的差异，并发现现有解决方案中的一些完善假设在操作系统内部不再有效；最重要的是，信息泄露可能成为新环境下的一个主要问题。我们表明，在不影响软件分发模型的情况下，我们的 ASR 策略在性能和安全性方面均优于最先进的解决方案。最后，我们提出了第一个全面的实时重新随机化策略，我们发现该策略在操作系统内部尤为重要。实验结果表明，我们的技术产生低运行时性能开销（在 SPEC 和系统调用密集型基准测试中平均低于 5%）和有限的运行时内存占用增加（在我们的基准测试执行期间大约 15%）。我们相信我们的技术可以在不影响操作系统的性能和可靠性的情况下大大提高操作系统的安全级别。


(In recent years, the deployment of many application-level countermeasures against memory errors and the increasing number of vulnerabilities discovered in the kernel has fostered a renewed interest in kernel-level exploitation. Unfortunately, no comprehensive and well-established mechanism exists to protect the operating system from arbitrary attacks, due to the relatively new development of the area and the challenges involved.

In this paper, we propose the first design for fine-grained address space randomization (ASR) inside the operating system (OS), providing an efficient and comprehensive countermeasure against classic and emerging attacks, such as return-oriented programming. To motivate our design, we investigate the differences with application-level ASR and find that some of the well-established assumptions in existing solutions are no longer valid inside the OS; above all, perhaps, that information leakage becomes a major concern in the new context. We show that our ASR strategy outperforms state-of-the-art solutions in terms of both performance and security without affecting the software distribution model. Finally, we present the first comprehensive live re-randomization strategy, which we found to be particularly important inside the OS. Experimental results demonstrate that our techniques yield low run-time performance overhead (less than 5% on average on both SPEC and syscall-intensive benchmarks) and limited run-time memory footprint increase (around 15% during the execution of our benchmarks). We believe our techniques can greatly enhance the level of OS security without compromising the performance and reliability of the OS.)

1624856058857.rar

2021-6-28 12:54 上传

文件大小: 398 KB
下载次数: 0

近年来，许多针对内存错误的应用程序级对策的部署以及内核中发现的漏洞数量不断增加，重新激发了对内核级利用的兴趣。不幸的是，由于该领域相对较新的发展和所涉及的挑战，不存在全面和完善的机制来保护操作系统免受任意攻击。

在本文中，我们提出了操作系统 (OS) 内细粒度地址空间随机化 (ASR) 的第一个设计，为经典和新兴攻击（例如面向返回编程）提供了有效而全面的对策。为了激励我们的设计，我们调查了与应用程序级 ASR 的差异，并发现现有解决方案中的一些完善假设在操作系统内部不再有效；最重要的是，信息泄露可能成为新环境下的一个主要问题。我们表明，在不影响软件分发模型的情况下，我们的 ASR 策略在性能和安全性方面均优于最先进的解决方案。最后，我们提出了第一个全面的实时重新随机化策略，我们发现该策略在操作系统内部尤为重要。实验结果表明，我们的技术产生低运行时性能开销（在 SPEC 和系统调用密集型基准测试中平均低于 5%）和有限的运行时内存占用增加（在我们的基准测试执行期间大约 15%）。我们相信我们的技术可以在不影响操作系统的性能和可靠性的情况下大大提高操作系统的安全级别。


(In recent years, the deployment of many application-level countermeasures against memory errors and the increasing number of vulnerabilities discovered in the kernel has fostered a renewed interest in kernel-level exploitation. Unfortunately, no comprehensive and well-established mechanism exists to protect the operating system from arbitrary attacks, due to the relatively new development of the area and the challenges involved.

In this paper, we propose the first design for fine-grained address space randomization (ASR) inside the operating system (OS), providing an efficient and comprehensive countermeasure against classic and emerging attacks, such as return-oriented programming. To motivate our design, we investigate the differences with application-level ASR and find that some of the well-established assumptions in existing solutions are no longer valid inside the OS; above all, perhaps, that information leakage becomes a major concern in the new context. We show that our ASR strategy outperforms state-of-the-art solutions in terms of both performance and security without affecting the software distribution model. Finally, we present the first comprehensive live re-randomization strategy, which we found to be particularly important inside the OS. Experimental results demonstrate that our techniques yield low run-time performance overhead (less than 5% on average on both SPEC and syscall-intensive benchmarks) and limited run-time memory footprint increase (around 15% during the execution of our benchmarks). We believe our techniques can greatly enhance the level of OS security without compromising the performance and reliability of the OS.)

1624856058857.rar

2021-6-28 12:54 上传

文件大小: 398 KB
下载次数: 0