GENESIS: A Generalizable, Efficient, and Secure Intra-kernel Privilege Separation

Published: 01 Jan 2024, Last Modified: 07 Nov 2024. Venue: SAC 2024. License: CC BY-SA 4.0.
Abstract: Maintaining the trustworthiness of OS kernels is imperative in upholding any form of security objective within a system. However, most commodity kernel designs are monolithic and subject to frequent changes that may contain or introduce new software bugs. The uniform privilege and single address space of monolithic kernels assist the adversary in turning any vulnerability into a single point of failure. Hence, various isolation designs have been proposed to enable privilege separation within the kernel. However, many of these solutions are architecture-dependent because of their reliance on specific features of their target architecture. We present Genesis, a novel architecture-agnostic intra-kernel privilege separation design. The main idea behind Genesis is to construct a self-protected execution environment while leveraging only de facto hardware security primitives in contemporary architectures. This design principle paves the way for a generalizable intra-kernel solution that is applicable to other architectures without significant redesign effort; specifically, our prototype leverages a general hardware feature, such as supervisor-mode access prevention (SMAP) on x86-64, over which we realize two essential techniques for intra-kernel isolation: kernel deprivileging and secure domain switching. While sustaining its generalizability, Genesis introduces moderate performance overhead in standard benchmarks and real-world applications, such as Nginx and Memcached.
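The abstract names SMAP as the hardware primitive that makes kernel deprivileging and secure domain switching possible, but does not describe the mechanism. The following C model, added here as an illustration and not code from the Genesis paper or its prototype, shows only the documented x86-64 SMAP semantics: when CR4.SMAP is set, a supervisor-mode (CPL 0) access to a page whose page-table U/S bit marks it user-accessible faults unless EFLAGS.AC is set, and AC can only be toggled (STAC/CLAC) at CPL 0. The `cpu_t`, `page_t`, `untrusted_read` and `gated_read` names, the two-page layout and the data values are all constructed for this model. It demonstrates how such a primitive can, in principle, turn the U/S bit into a supervisor-side access switch that a trusted gate opens briefly and a deprivileged kernel component cannot open; how Genesis actually arranges its domains is not stated in the abstract and is not reproduced here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of the x86-64 SMAP primitive (constructed illustration, not Genesis code). */
enum { CPL_KERNEL = 0, CPL_USER = 3 };
enum { NPAGES = 2, PAGE_KERNEL = 0, PAGE_PROTECTED = 1 };

typedef struct {
    bool present;
    bool user;      /* page-table U/S bit: 1 = user-accessible page */
    uint8_t data;   /* constructed payload so reads can be checked */
} page_t;

typedef struct {
    bool cr4_smap;      /* CR4.SMAP: supervisor-mode access prevention enabled */
    bool eflags_ac;     /* EFLAGS.AC: set by STAC, cleared by CLAC */
    int cpl;            /* current privilege level */
    page_t pages[NPAGES];
} cpu_t;

/* Hardware access check. Returns true if permitted; false models a #PF. */
bool access_check(const cpu_t *c, int page) {
    if (page < 0 || page >= NPAGES) return false;
    const page_t *p = &c->pages[page];
    if (!p->present) return false;
    if (c->cpl == CPL_USER) return p->user;          /* user code: U/S bit only */
    /* Supervisor access to a user page is blocked by SMAP unless AC is set. */
    if (p->user && c->cr4_smap && !c->eflags_ac) return false;
    return true;
}

/* Model of STAC/CLAC: privileged, so only CPL 0 may flip AC. */
bool set_ac(cpu_t *c, bool ac) {
    if (c->cpl != CPL_KERNEL) return false;          /* #GP in hardware */
    c->eflags_ac = ac;
    return true;
}

/* Deprivileged kernel component: ring 0, but never holds AC.
 * Any touch of a page marked "user" therefore faults under SMAP. */
bool untrusted_read(cpu_t *c, int page, uint8_t *out) {
    if (!access_check(c, page)) return false;
    *out = c->pages[page].data;
    return true;
}

/* Trusted gate: STAC, access, CLAC, so AC is clear again before control
 * returns to the deprivileged component. */
bool gated_read(cpu_t *c, int page, uint8_t *out) {
    if (!set_ac(c, true)) return false;
    bool ok = access_check(c, page);
    if (ok) *out = c->pages[page].data;
    set_ac(c, false);
    return ok;
}

/* Constructed layout: page 0 is ordinary kernel memory (U/S=0),
 * page 1 is the protected region, marked U/S=1 so SMAP guards it from ring 0.
 * The model ignores how such a page is kept out of real user processes'
 * address spaces, which a real design must also handle. */
cpu_t make_cpu(void) {
    cpu_t c = { .cr4_smap = true, .eflags_ac = false, .cpl = CPL_KERNEL };
    c.pages[PAGE_KERNEL]    = (page_t){ .present = true, .user = false, .data = 0x11 };
    c.pages[PAGE_PROTECTED] = (page_t){ .present = true, .user = true,  .data = 0x22 };
    return c;
}

int main(void) {
    cpu_t c = make_cpu();
    uint8_t v = 0;
    printf("untrusted read of kernel page:    %s\n", untrusted_read(&c, PAGE_KERNEL, &v) ? "ok" : "#PF");
    printf("untrusted read of protected page: %s\n", untrusted_read(&c, PAGE_PROTECTED, &v) ? "ok" : "#PF");
    printf("gated read of protected page:     %s (0x%02x)\n", gated_read(&c, PAGE_PROTECTED, &v) ? "ok" : "#PF", v);
    printf("AC after gate returns:            %d\n", c.eflags_ac);
    return 0;
}
```

The point of the model is the asymmetry: both components run at CPL 0, yet only the gate can open the access window, and it closes the window before returning. A real design additionally has to stop the deprivileged component from executing STAC itself (for example by controlling which instructions it may run), which is exactly the kind of enforcement the abstract groups under kernel deprivileging.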