Address Space Isolation in the Linux Kernel

Cited by: 1
Authors
Nider, Joel [1]
Rapoport, Mike [1]
Bottomley, James [2]
Affiliations
[1] IBM Res, Haifa, Israel
[2] IBM Res, Seattle, WA USA
Keywords
kernel; Linux; security; isolation;
DOI
10.1145/3319647.3325855
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Monolithic kernel design mandates the use of a single address space for kernel data and code. While this design is easy to understand and performs well, it does not provide much in the way of protection from exploitable bugs in the interface. By dividing up kernel objects into areas of responsibility, we can introduce additional address spaces which will prevent information leakage, even in the case of a successful attack on the kernel. We are exploring several possible implementations with the goal of increasing security while minimizing the impact on performance.
Pages: 194 / 194
Number of pages: 1