内核完整性保护模型的设计与实现

doi:10.11959/j.issn.1000-436x.2015289

Abstract

Abstract:

Untrusted kernel extensions were considered to be a big threat to OS kernel integrity because once they were loaded into the kernel space,then they may corrupt both the OS kernel data and code at will.To address this problem,MAC-based model named MOKIP for OS kernel integrity protection was presented.The basic idea of MOKIP was to set different integrity labels for different entities in the kernel space,and then ensure that the entities with low integrity label cannot harm the entities with high integrity label.A prototype system based on the hardware assisted virtualization technology was implemented.The experimental results show that proposed system is effective at defending against various malicious kernel extension attacks within a little performance overhead which is less than 13%.

Key words: kernel extensions, OS kernel, integrity protection, virtualization technology

Dong-hai TIAN,Jun-hua CHEN,Xiao-qi JIA,Chang-zhen HU. Design and implementation of a model for OS kernel integrity protection[J]. Journal on Communications, 2015, 36(Z1): 118-125.

Figures/Tables 8

References 19

[1]	DANIELA A S O , WU S F . Protecting kernel code and data with a virtualization-aware collaborative operating system[A]. Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC)[C]. Honolulu,Hawaii, 2009. 451-460.
[2]	BIBA K J . Integrity consideration for secure compuer system[R]. Technical report,Mitre Corp.Report TR-3153,Bedford,Mass, 1977.
[3]	XU M , JIANG X X , RAVI S , et al. Towards a VMM-based usage control framework for OS kernel integrity protection[A]. Proceedings of the 12th ACM Symposium on Access Control Models and Technologies[C]. Sophia Antipolis,France, 2007. 71-80.
[4]	Microsoft Corporation. Windows Driver Signing[EB/OL]. .
[5]	Windows Vista Security Blog[EB/OL]. .
[6]	GUTTMAN J , HERZOG A , RAMSDELL J . Information flow in operating systems:eager formal methods[A]. Workshop on Issues in the Theory of Security (WITS)[C]. 2003.
[7]	SANDHU R S . Lattice-based access control models[J]. IEEE Computer, 1993,26(11): 9-19.
[8]	SHANKAR U , JAEGER T , SAILER R . Toward automated information-flow integrity verification for security-critical applications[A]. Proceedings of the 13th Network and Distributed System Security Symposium (NDSS)[C]. 2006.
[9]	BARHAM P , DRAGOVIC B , FRASER K , et al. Xen and the art of virtualization[A]. Proceedings of the 19th ACM Symposium on Operating System Principles (SOSP)[C]. 2003. 164-177.
[10]	Intel Corporation. Intel 64 and IA-32 Architectures Software Developer's Manuals[EB/OL]. .
[11]	PETER M C , BRIAN D N . When virtual is better than real[A]. Proceedings of the 2001 Workshop on Hot Topics in Operating Systems (HotOS)[C]. 2001.0133.
[12]	DANIEL B , MARCO C , Understanding the Linux Kernel[M]. O'Reilly＆ Associates Inc,third edition, 2005.
[13]	SESHADRI A L M Q N . PERRIG A . SecVisor:a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes[A]. Proceedings of the 24th ACM Symposium on Operating System Principles (SOSP)[C]. 2007. 335-350.
[14]	RYAN R , JIANG X X , XU D Y . Guest-transparent prevention of kernel rootkits with VMM-based memory shadowing[A]. Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection (RAID)[C]. 2008. 1-20.
[15]	MICHAEL G , WANG Z , DEEPA S , et al. Transparent protection of commodity OS kernels using hardware virtualization[A]. Proceedings of the 6th International Conference on Security and Privacy in Communication Networks (SecureComm)[C]. 2010. 162-180.
[16]	RALF H , THORSTEN H , FELIX C F . Return-oriented rootkits:bypassing kernel code integrity protection mechanisms[A]. Proceedings of 18th Usenix Security Symposium (Usenix Security)[C]. 2009. 383-398.
[17]	MAO Y D , CHEN H G , ZHOU D , et al. Software fault isolation with API integrity and multi-principal modules[A]. Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (SOSP)[C]. 2011. 115-128.
[18]	马超, 尹杰, 刘虎球 , 等. KFUR:一个新型内核扩展安全模型[J]. 计算机学报, 2012,35(10): 2091-2100. MA C , YIN J , LIU H Q , et al. KFUK:a new rernel extension security model[J]. Chinese Journal of Computers, 2012,35(10): 2091-2100.
[19]	郑豪, 董小社, 王恩东 , 等. VM 内部隔离驱动程序的可靠性架构[J]. 软件学报, 2014,(10): 2235-2250. ZHENG H , DONG X S , WANG E D , et al. Reliability architecture to isolate the driver inside the VM[J]. Journal of Software, 2014,(10): 2235-2252.

Metrics

Recommended 0

No Suggested Reading articles found!

恶意内核模块	恶意行为	检测结果	检测原因
Adore-ng 0.56	修改内核函数指针	成功检测	低完整性S_UE写高完整性O_OS-data
EnyeLKM	修改内核二进制代码	成功检测	低完整性S_UE写高完整性O_OS-code
Override	修改内核系统调用表	成功检测	低完整性S_UE写高完整性O_OS-data
All-root	修改内核进程链表和系统调用表	成功检测	低完整性S_UE写高完整性O_OS-data
Hp	修改内核进程链表	成功检测	低完整性S_UE写高完整性O_OS-data
Lvtes	修改内核系统调用表和模块链表	成功检测	低完整性S_UE写高完整性O_OS-data
ROP rootkit	修改自身堆栈地址和利用现有内核代码	成功检测	低完整性S_UE执行高完整性O_OS-other
破坏IDT rootkit	修改IDT特权寄存器	成功检测	低完整性S_UE写高完整性O_reg

性能	受控内核模块	Xen	MOKIP
解压内核压缩包的时间	ext3	35 367 ms	39 568 ms
编译内核代码的时间	ext3	2 812 s	3 176 s
Apache服务器的传输率	8 139too	2 253 kbit/s	2 013 kbit/s
Lighttpd服务器的吞吐率	8 139too	5 362 kbit /s	4 867 kbit /s
拷贝文件的传输率	uhci-hcd	692 kbit/s	611 kbit/s

操作	受控内核模块	Xen	MOKIP
编译内核代码	ext3	5 183	5 227
访问Apache服务器	8139too	4 719	4 736
拷贝文件	uhci-hcd	4 862	4 883

Design and implementation of a model for OS kernel integrity protection

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 19

Related Articles 1

Metrics

Recommended 0