Download Enhanced Operating System Security Through Efficient and Fine

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
Document related concepts

CP/M wikipedia , lookup

DNIX wikipedia , lookup

Security-focused operating system wikipedia , lookup

Distributed operating system wikipedia , lookup

Library (computing) wikipedia , lookup

Spring (operating system) wikipedia , lookup

Process management (computing) wikipedia , lookup

Paging wikipedia , lookup

Transcript 
Enhanced Operating System
Security Through Efficient
and Fine-grained Address
Space Randomization
{
Cristiano Giuffrida, Anton Kuijsten &
Andrew S.Tanenbaum
Vrije Universiteit, Amsterdam
Presented
By
Neil Parmar
Kernel Level Exploitations
Exploitations:
• Kernel-level exploitation gaining a vast momentum
• Many exploitations are available for Windows, Linux, BSD, Mac OS X, iOS
Causes of Exploitations:
• Plenty of memory error vulnerabilities to choose from
• Improved Kernel codebase is complex, large, and in continuous evolution
• A large number of internet-connected users running the same kernel version
• Many attack opportunities for both local and remote exploits
Existing Countermeasures
Countermeasures:
• Preserving Kernel code Integrity [SecVisor, NICKLE, hvmHarvard]
• Kernel hook protection [HookSafe, HookScout, Indexed hooks]
• Control-flow Integrity [SBCFI]
Drawbacks of the particular Countermeasures:
• No comprehensive memory error protection
• Virtualization Support required, high overhead
Address Space
Randomization (ASR)
• Well-established defense mechanism against memory error exploits
• Application-level support in all major operating systems
• The operating system itself typically not randomized at all
• Only recent Windows releases perform basic text randomization
• No strategy has been proposed for comprehensive and fine-grained OS level ASR
• GOAL: Fine-Grained ASR for operating systems
Contributions
• Identify the challenges and the key requirements for a comprehensive
OS-Level ASR Solution.
•
Fine-Grained ASR: Improve existing ASR solution in terms of both
performance and security.
•
Introduction to Live Rerandomization Strategy
Background
• Code and data locations are unpredictable in memory
• Preventing adversary for detecting precise assumption on the memory layout
• Fine-Grained ASR permute the order of individual memory objects
Background
• Code and data locations be unpredictable in memory.
Challenges in OS-Level
ASR
• Instrumentation
• Run-time constraints
• Information Leakage
• Brute Force
A Design for OS-Level
ASR
• Make both location and layout of memory objects unpredictable
• LLVM-based link-time transformation for safe and efficient ASR
• Minimal amount of untrusted code exposed to the runtime
• Live randomization n to maximize observability of the system
• No changes in software distribution model
Architecture
The OS Architecture for ASR Design
Code Randomization
Original Function (LLVM IR)
Code Randomization
Randomize function location
Code Randomization
Adding Random size padding
Code Randomization
Basic Block Shifting
Static Data
Randomization
Original variable and type (LLVM IR)
Static Data
Randomization
Random Variable Location
Static Data
Randomization
Add Random-sized padding
Static Data
Randomization
Internal Layout Randomization
Stack Randomization
Dynamic Data
Randomization
• Support for malloc()/mmap()-like allocator abstractions
• Memory mapped regions are fully randomized
• Heap allocations are interleaved with random-sized padding
• Full heap randomization enforced at live randomization time
• ILR (Internal Link Randomization) for all the dynamically allocated
memory objects
Live Randomization
• First stateful live randomization technique
• Periodically rerandomize the memory address space layout
• Support arbitary memory layout changes at rerandomization time
• Support all the standard C idioms with minimal manual effort
• Sandbox the rerandomization code to recover from run-time errors
ASRR Transformations
ASRR Metadata
• Types
• Global Variables
• Static Variables
• String constants
• Functions
• Dynamic memory allocation
The Randomization
Process
The Randomization
Process
The Randomization
Process
The Randomization
Process
The Randomization
Process
The Randomization
Process
The Randomization
Process
The Randomization
Process
ASR Performance
ASR Performance
Summary
• A new fine-grained technique for operating systems
• Better performance and security than prior ASR solutions
• Live rerandomization and ILR to counter information leakage
• No heavyweight instrumentation exposed to the runtime
• Process-based isolation to recover from run-time ASRR error
Related documents
What is Randomization?
What is Randomization?
Handout - CAUSEweb
Handout - CAUSEweb
Sampling and Statistical Power
Sampling and Statistical Power
RANDOMISED CLINICAL TRIALS
RANDOMISED CLINICAL TRIALS
Which endpoint to choose ? (in phase II sarcoma clinical trials)
Which endpoint to choose ? (in phase II sarcoma clinical trials)
The Analysis of Population
The Analysis of Population
experiment
experiment
Unit 8
Unit 8
Chapter 1: Why is my evil professor forcing me to learn statistics?
Chapter 1: Why is my evil professor forcing me to learn statistics?
How to Design a Clinical Trial
How to Design a Clinical Trial