Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 299))

Abstract

The Linux kernel has become widely adopted in mobile devices and cloud services, and its abuse and misuse by attackers and malicious users has grown in parallel. This has increased the attention paid to kernel security through the deployment of kernel protection mechanisms. Kernel based attacks require reliability, which is achieved in the information gathering stage, where the attacker gathers enough information about the target to succeed. The taxonomy of kernel vulnerabilities includes information leaks, a class of vulnerabilities that permit access to the kernel memory layout and contents. Information leaks can improve attack reliability by allowing the attacker to read sensitive kernel data and bypass kernel based protections.

In this work, we aim at the detection of stack based kernel information leaks to secure kernels. We analyse the problem of stack based kernel infoleaks, then we perform a classification of the causes of information disclosure vulnerabilities. Next, we propose an approach for the detection of stack based kernel infoleaks using static analysis techniques, and last we evaluate our approach by applying it to the Linux kernel.
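
As an added illustration (not code from the paper, and not its detection method), the user-space C model below shows one common way a stack based infoleak arises: a structure built in a reused stack slot is copied out whole, so padding and unwritten bytes carry stale data, while zeroing the object first removes the leak. `struct reply`, `handle_request()`, `padding_bytes()` and the `0xAA` stale marker are hypothetical names and constructed values; the final `memcpy()` stands in for `copy_to_user()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical ioctl-style reply; alignment of 'value' forces padding holes. */
struct reply {
    uint8_t  status;
    uint32_t value;
    char     name[6];
};

#define STALE 0xAA   /* constructed marker for leftover stack contents */
#define NAME_USED 3  /* bytes of 'name' the handler writes ("ok" + NUL) */

/* Bytes of the object that no member covers (the holes in its layout). */
size_t padding_bytes(void)
{
    return sizeof(struct reply) - (sizeof(uint8_t) + sizeof(uint32_t) + 6);
}

/* Builds the reply in a reused slot, copies it out whole, and returns
 * how many stale bytes reached 'user'. */
size_t handle_request(int hardened, unsigned char *user)
{
    unsigned char frame[sizeof(struct reply)];
    uint8_t status = 1;
    uint32_t value = 42;
    size_t i, leaked = 0;
    memset(frame, STALE, sizeof(frame));      /* data left by an earlier call */
    if (hardened)
        memset(frame, 0, sizeof(frame));      /* fix: zero before filling */
    /* Each member store writes only that member's own bytes. */
    memcpy(frame + offsetof(struct reply, status), &status, sizeof(status));
    memcpy(frame + offsetof(struct reply, value), &value, sizeof(value));
    memcpy(frame + offsetof(struct reply, name), "ok", NAME_USED);
    memcpy(user, frame, sizeof(frame));       /* stand-in for copy_to_user() */
    for (i = 0; i < sizeof(frame); i++)
        leaked += (user[i] == STALE);
    return leaked;
}

int main(void)
{
    unsigned char user[sizeof(struct reply)];
    printf("padding=%zu unfixed=%zu zeroed=%zu\n", padding_bytes(),
           handle_request(0, user), handle_request(1, user));
    return 0;
}
```

The unfixed path discloses every padding byte plus the three bytes of `name` the handler never wrote; the layout, and therefore the count, depends on the ABI.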

Author information

Correspondence to S. Peiró.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Peiró, S., Muñoz, M., Masmano, M., Crespo, A. (2014). Detecting Stack Based Kernel Information Leaks. In: de la Puerta, J., et al. International Joint Conference SOCO’14-CISIS’14-ICEUTE’14. Advances in Intelligent Systems and Computing, vol 299. Springer, Cham. https://doi.org/10.1007/978-3-319-07995-0_32

  • DOI: https://doi.org/10.1007/978-3-319-07995-0_32

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07994-3

  • Online ISBN: 978-3-319-07995-0

  • eBook Packages: Engineering, Engineering (R0)