
KDPM: Kernel Data Protection Mechanism Using a Memory Protection Key

  • Conference paper
  • First Online:
Advances in Information and Computer Security (IWSEC 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13504)

Abstract

The kernel data of an operating system kernel can be modified through memory corruption by exploiting kernel vulnerabilities. Memory corruption allows privilege escalation and defeats security mechanisms. Kernel control flow integrity verifies and guarantees the order in which kernel code is invoked. Kernel address space layout randomization randomizes the virtual address layout of the kernel code and data. The additional kernel observer focuses on unintended privilege modifications and restores the original privileges. However, none of these existing security mechanisms prevents writing to the kernel data. Therefore, kernel data can still be overwritten by exploiting kernel vulnerabilities, and privilege escalation and the defeat of security mechanisms remain possible.

We propose a kernel data protection mechanism (KDPM), a novel security design that restricts the writing of specific kernel data. This mechanism protects privileged information and the security mechanism itself, to overcome the limitations of existing approaches. The KDPM adopts a memory protection key (MPK) to control the write restriction of kernel data. The KDPM with the MPK ensures that the writing of privileged information of user processes is dynamically permitted only during the invocation of specific system calls. To prevent the security mechanisms from being defeated, the KDPM dynamically restricts the writing of kernel data related to mandatory access control during the execution of specific kernel code. Further, the KDPM is implemented on the latest Linux with an MPK emulator. We also evaluated the possibility of preventing the writing of privileged information. The KDPM showed an acceptable performance cost, measured by the overhead, which was from 2.96% to 9.01% of system call invocations, whereas the performance load on the MPK operations was 22.1 ns to 1347.9 ns.
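As an added illustration (not code from the paper or its implementation), the following C model shows the write-restriction idea the abstract describes: a kernel data object is tagged with a protection key whose write-disable bit is set by default, and the kernel clears that bit only for the duration of a privilege-changing system call. The register encoding follows the Intel SDM PKRU/PKRS layout; the credential object, key number and system-call window are constructed stand-ins, not the paper's identifiers.

```c
/* Software model of MPK-style write restriction on kernel data (added example).
 * Register layout follows the Intel SDM PKRU/PKRS encoding: for key i,
 * bit 2*i is access-disable (AD) and bit 2*i+1 is write-disable (WD). */
#include <stdint.h>
#include <stdbool.h>

#define NR_KEYS 16
#define KEY_AD(k) (1u << (2 * (k)))
#define KEY_WD(k) (1u << (2 * (k) + 1))

/* Hypothetical stand-in for protected privilege information of a process. */
#define CRED_KEY 1
struct cred_model { uint32_t uid; uint32_t pkey; };

static uint32_t pkrs;   /* simulated supervisor protection-key register */

/* Default policy: writes through the credential key are disabled. */
void kdpm_init(void) { pkrs = KEY_WD(CRED_KEY); }

/* Hardware rule: AD denies every access, WD denies writes only. */
bool key_allows(uint32_t reg, unsigned key, bool is_write) {
    if (key >= NR_KEYS) return false;
    if (reg & KEY_AD(key)) return false;
    if (is_write && (reg & KEY_WD(key))) return false;
    return true;
}

/* A write to the object succeeds only if the current register permits it;
 * on real hardware a denied write raises a page fault instead. */
bool cred_write_uid(struct cred_model *c, uint32_t new_uid) {
    if (!key_allows(pkrs, c->pkey, true)) return false;
    c->uid = new_uid;
    return true;
}

/* The write window is opened only inside the privilege-changing system call
 * and closed again before returning, mirroring the dynamic restriction. */
bool syscall_setuid_model(struct cred_model *c, uint32_t new_uid) {
    uint32_t saved = pkrs;
    pkrs &= ~KEY_WD(CRED_KEY);
    bool ok = cred_write_uid(c, new_uid);
    pkrs = saved;
    return ok;
}

/* Scenario: an out-of-window write is refused, the system-call path succeeds,
 * and the restriction is back in force afterwards. Returns 1 on success. */
int kdpm_scenario(void) {
    struct cred_model c = { 1000, CRED_KEY };
    kdpm_init();
    if (cred_write_uid(&c, 0) || c.uid != 1000) return 0;
    if (!syscall_setuid_model(&c, 0) || c.uid != 0) return 0;
    return cred_write_uid(&c, 1000) ? 0 : 1;
}
```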



Acknowledgment

This work was partially supported by the Japan Society for the Promotion of Science (JSPS) KAKENHI Grant Number JP19H04109 and JP22H03592.

Author information

Corresponding author

Correspondence to Hiroki Kuzuno.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Kuzuno, H., Yamauchi, T. (2022). KDPM: Kernel Data Protection Mechanism Using a Memory Protection Key. In: Cheng, CM., Akiyama, M. (eds) Advances in Information and Computer Security. IWSEC 2022. Lecture Notes in Computer Science, vol 13504. Springer, Cham. https://doi.org/10.1007/978-3-031-15255-9_4


  • DOI: https://doi.org/10.1007/978-3-031-15255-9_4


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15254-2

  • Online ISBN: 978-3-031-15255-9

  • eBook Packages: Computer Science (R0)