  • Thesis

A Kernel Module Sandboxing Mechanism Based on the ARM Platform

KSA: Paravirtualization-Inspired Kernel Module Sandboxing Mechanism for ARM Platform

Advisor: 吳育松

Abstract

When a vulnerability exists in a kernel module, it gives an attacker the opportunity to damage the system or bypass the kernel's protection mechanisms, exposing the entire system to risk. To address this, we propose a mechanism named KSA, which uses virtualization technology to move some code into a virtual machine for execution, achieving function-level isolation. Compared with x86 machines, ARM SoCs are more often connected to a variety of devices, and to support new devices the ARM platform more frequently needs new kernel modules (drivers) installed. In addition, an ARM SoC may by design lack certain hardware support, such as an IOMMU for mapping device addresses. We therefore chose to implement KSA on the ARM platform without requiring additional hardware support. Following a concept similar to paravirtualization, we split a kernel module into a front-end module and a back-end module. The back-end module resides in the virtual machine and executes the function calls sent from the front-end module in the host. Through the isolation provided by virtualization, KSA protects the host from vulnerabilities hidden in these functions. We evaluated the performance impact and the isolation effect of KSA through several experiments; the results show that KSA can prevent the host from crashing or leaking information. KSA is best suited to functions that handle kernel module configuration, verification, or data processing.

Keywords

virtualization, ARM, KVM, kernel module, system vulnerability

Abstract (English)

Vulnerabilities in a kernel module could allow an adversary to break kernel functionality or bypass kernel protection, putting the system at risk. We propose a mechanism called KSA (Kernel module Sandboxing mechanism for ARM platform) that leverages virtualization techniques to move the execution of certain functions into a virtual machine and provide function-based isolation. Unlike an x86 machine, an ARM SoC may lack full hardware support (e.g., an IOMMU) and is usually attached to several devices, such as sensors, to complete a certain task. An ARM platform is therefore more likely to need a new kernel module (device driver) installed. For this reason, we implement KSA on the ARM platform without requiring additional hardware support. Following an idea similar to paravirtualization, our mechanism splits a kernel module into a front-end part and a back-end part that reside in the host OS and the guest VM respectively. The back-end part executes the functions invoked by the front-end part. Through the isolation of virtualization, the host system avoids the damage caused by potential vulnerabilities. In this paper, we evaluate the performance overhead and the isolation feature of KSA. The results show that KSA can prevent the host OS from crashing or leaking information and is suitably applied to configuration, verification and buffer-processing functions.

Keywords (English)

virtualization, ARM, KVM, kernel module, kernel vulnerability

