Hypernel: A Hardware-Assisted Framework for Kernel Protection without Nested Paging

Cited by: 2
Authors
Kwon, Donghyun [1 ]
Oh, Kuenwhee [2 ]
Park, Junmo [1 ]
Yang, Seungyong [2 ]
Cho, Yeongpil [3 ]
Kang, Brent Byunghoon [2 ]
Paek, Yunheung [1 ]
Affiliations
[1] Seoul Natl Univ, Seoul, South Korea
[2] Korea Adv Inst Sci & Technol, Daejeon, South Korea
[3] Soongsil Univ, Seoul, South Korea
Funding
National Research Foundation, Singapore;
Keywords
DOI
10.1145/3195970.3196061
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Large OS kernels always suffer from attacks due to their numerous inherent vulnerabilities. To protect the kernel, hypervisors have been employed by many security solutions. However, relying on a hypervisor has a detrimental impact on the system performance due mainly to nested paging. In this paper, we present Hypernel, a security framework combining hardware and software components to address this problem. Hypersec, the software component, provides an isolated execution environment for security solutions, and the hardware monitor component enables a word-granularity monitoring capability on the kernel memory. Our evaluation shows that Hypernel efficiently fulfills the role of a security framework, while imposing a mere 3.1% of runtime overhead on the system.
Pages: 6
Related papers
31 in total
  • [21] SPAD: Software protection through anti-debugging using hardware-assisted virtualization
    Qi, Z., 1600, Institute of Information Science (28):
  • [22] RAFT: Hardware-assisted Dynamic Information Flow Tracking for Runtime Protection on RISC-V
    Wang, Yu
    Wu, Jinting
    Zheng, Haodong
    Ning, Zhenyu
    He, Boyuan
    Zhang, Fengwei
    PROCEEDINGS OF THE 26TH INTERNATIONAL SYMPOSIUM ON RESEARCH IN ATTACKS, INTRUSIONS AND DEFENSES, RAID 2023, 2023, : 595 - 608
  • [23] KI-Mon ARM: A Hardware-Assisted Event-triggered Monitoring Platform for Mutable Kernel Object
    Lee, Hojoon
    Moon, Hyungon
    Heo, Ingoo
    Jang, Daehee
    Jang, Jinsoo
    Kim, Kihwan
    Paek, Yunheung
    Kang, Brent Byunghoon
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2019, 16 (02) : 287 - 300
  • [24] Hardware-assisted Neural Network IP Protection using Non-malicious Backdoor and Selective Weight Obfuscation
    Grailoo, Mahdieh
    Reinsalu, Uljana
    Leier, Mairo
    Nikoubin, Tooraj
    PROCEEDINGS OF THE 2022 15TH IEEE DALLAS CIRCUITS AND SYSTEMS CONFERENCE (DCAS 2022), 2022,
  • [25] Security, Performance and Energy Implications of Hardware-assisted Memory Protection Mechanisms on Event-based Streaming Systems
    Gottel, Christian
    Pires, Rafael
    Rocha, Isabelly
    Vaucher, Sebastien
    Felber, Pascal
    Pasin, Marcelo
    Schiavoni, Valerio
    2018 IEEE 37TH INTERNATIONAL SYMPOSIUM ON RELIABLE DISTRIBUTED SYSTEMS (SRDS), 2018, : 264 - 266
  • [26] Possibility and limitation of a hardware-assisted data prefetching framework using off-line training of Markovian predictors
    Kim, J
    Puttaswamy, K
    CDES '05: PROCEEDINGS OF THE 2005 INTERNATIONAL CONFERENCE ON COMPUTER DESIGN, 2005, : 153 - 158
  • [27] A Secure Lightweight Hardware-Assisted Charging Coordination Authentication Framework for Trusted Smart Grid Energy Storage Units
    Amsaad F.
    Köse S.
    SN Computer Science, 2021, 2 (6)
  • [28] In-Fat Pointer: Hardware-Assisted Tagged-Pointer Spatial Memory Safety Defense with Subobject Granularity Protection
    Xu, Shengjie
    Huang, Wei
    Lie, David
    ASPLOS XXVI: TWENTY-SIXTH INTERNATIONAL CONFERENCE ON ARCHITECTURAL SUPPORT FOR PROGRAMMING LANGUAGES AND OPERATING SYSTEMS, 2021, : 224 - 240
  • [29] ChamelIoT: a tightly- and loosely-coupled hardware-assisted OS framework for low-end IoT devices
    Silva, Miguel
    Gomes, Tiago
    Ekpanyapong, Mongkol
    Tavares, Adriano
    Pinto, Sandro
    REAL-TIME SYSTEMS, 2024, 60 (01) : 150 - 196
  • [30] ChamelIoT: a tightly- and loosely-coupled hardware-assisted OS framework for low-end IoT devices
    Miguel Silva
    Tiago Gomes
    Mongkol Ekpanyapong
    Adriano Tavares
    Sandro Pinto
    Real-Time Systems, 2024, 60 : 150 - 196