Hypernel: A Hardware-Assisted Framework for Kernel Protection without Nested Paging

Cited by: 2
Authors
Kwon, Donghyun [1 ]
Oh, Kuenwhee [2 ]
Park, Junmo [1 ]
Yang, Seungyong [2 ]
Cho, Yeongpil [3 ]
Kang, Brent Byunghoon [2 ]
Paek, Yunheung [1 ]
Affiliations
[1] Seoul Natl Univ, Seoul, South Korea
[2] Korea Adv Inst Sci & Technol, Daejeon, South Korea
[3] Soongsil Univ, Seoul, South Korea
Funding
National Research Foundation of Singapore;
Keywords
DOI
10.1145/3195970.3196061
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Large OS kernels always suffer from attacks due to their numerous inherent vulnerabilities. To protect the kernel, hypervisors have been employed by many security solutions. However, relying on a hypervisor has a detrimental impact on the system performance due mainly to nested paging. In this paper, we present Hypernel, a security framework combining hardware and software components to address this problem. Hypersec, the software component, provides an isolated execution environment for security solutions, and the hardware monitor component enables a word-granularity monitoring capability on the kernel memory. Our evaluation shows that Hypernel efficiently fulfills the role of a security framework, while imposing mere 3.1% of runtime overhead on the system.
Pages: 6
Related papers
31 in total
  • [1] Enforcing kernel constraints by hardware-assisted virtualization
    Lacombe, Eric
    Nicomette, Vincent
    Deswarte, Yves
    JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES, 2011, 7 (01): 1 - 21
  • [2] Camouflage: Hardware-assisted CFI for the ARM Linux kernel
    Denis-Courmont, Remi
    Liljestrand, Hans
    Chinea, Carlos
    Ekberg, Jan-Erik
    PROCEEDINGS OF THE 2020 57TH ACM/EDAC/IEEE DESIGN AUTOMATION CONFERENCE (DAC), 2020
  • [3] HART: Hardware-Assisted Kernel Module Tracing on Arm
    Du, Yunlan
    Ning, Zhenyu
    Xu, Jun
    Wang, Zhilong
    Lin, Yueh-Hsun
    Zhang, Fengwei
    Xing, Xinyu
    Mao, Bing
    COMPUTER SECURITY - ESORICS 2020, PT I, 2020, 12308 : 316 - 337
  • [4] TZ-KPM Kernel Protection Mechanism on Embedded Devices on Hardware-assisted Isolated Environment
    Zheng, Xianyi
    He, Yanhong
    Ma, Jiangang
    Shi, Gang
    Meng, Dan
    PROCEEDINGS OF 2016 IEEE 18TH INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE COMPUTING AND COMMUNICATIONS; IEEE 14TH INTERNATIONAL CONFERENCE ON SMART CITY; IEEE 2ND INTERNATIONAL CONFERENCE ON DATA SCIENCE AND SYSTEMS (HPCC/SMARTCITY/DSS), 2016: 663 - 670
  • [5] Hardware-Assisted Live Kernel Function Updating on Intel Platforms
    Zhou, Lei
    Zhang, Fengwei
    Leach, Kevin
    Ding, Xuhua
    Ning, Zhenyu
    Wang, Guojun
    Xiao, Jidong
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2024, 21 (04) : 2085 - 2098
  • [6] A Hardware-Assisted Protection and Restoration Scheme of Lost Smart Phones
    YounKim, Ki
    Seo, Euiseong
    2014 IEEE Fourth International Conference on Consumer Electronics Berlin (ICCE-Berlin), 2014: 122 - 125
  • [7] Hardware-Assisted Intellectual Property Protection of Deep Learning Models
    Chakraborty, Abhishek
    Mondal, Ankit
    Srivastava, Ankur
    PROCEEDINGS OF THE 2020 57TH ACM/EDAC/IEEE DESIGN AUTOMATION CONFERENCE (DAC), 2020
  • [8] Only Hardware-Assisted Protection Can Deliver Durable Secure Foundations
    Aussel, Jean-Daniel
    Sailer, Reiner
    IEEE SOFTWARE, 2011, 28 (02) : 57 - 59
  • [9] Undertow: An Intra-Kernel Isolation Mechanism for Hardware-Assisted Virtual Machines
    Yang, Zihan
    Mi, Zeyu
    Xia, Yubin
    2019 13TH IEEE INTERNATIONAL CONFERENCE ON SERVICE-ORIENTED SYSTEM ENGINEERING (SOSE) / 10TH INTERNATIONAL WORKSHOP ON JOINT CLOUD COMPUTING (JCC) / IEEE INTERNATIONAL WORKSHOP ON CLOUD COMPUTING IN ROBOTIC SYSTEMS (CCRS), 2019: 257 - 262
  • [10] Guest Editorial: Hardware-Assisted Techniques for Security and Protection of Consumer Electronics
    Sengupta, Anirban
    Mohanty, Saraju P.
    Rose, Garrett S.
    IET COMPUTERS AND DIGITAL TECHNIQUES, 2018, 12 (06): 249 - 250