TY - GEN
T1 - kMVX: Detecting Kernel Information Leaks with Multi-variant Execution
AU - Österlund, Sebastian
AU - Koning, Koen
AU - Olivier, Pierre
AU - Barbalace, Antonio
AU - Bos, Herbert
AU - Giuffrida, Cristiano
PY - 2019/4
Y1 - 2019/4
N2 - Kernel information leak vulnerabilities are a major security threat to production systems. Attackers can exploit them to leak confidential information such as cryptographic keys or kernel pointers. Despite efforts by kernel developers and researchers, existing defenses for kernels such as Linux are limited in scope or incur a prohibitive performance overhead. In this paper, we present kMVX, a comprehensive defense against information leak vulnerabilities in the kernel by running multiple diversified kernel variants simultaneously on the same machine. By constructing these variants in a careful manner, we can ensure they only show divergences when an attacker tries to exploit bugs present in the kernel. By detecting these divergences we can prevent kernel information leaks. Our kMVX design is inspired by multi-variant execution (MVX). Traditional MVX designs cannot be applied to kernels because of their assumptions on the run-time environment. kMVX, on the other hand, can be applied even to commodity kernels. We show our Linux-based prototype provides powerful protection against information leaks at acceptable performance overhead (20-50% in the worst case for popular server applications).
AB - Kernel information leak vulnerabilities are a major security threat to production systems. Attackers can exploit them to leak confidential information such as cryptographic keys or kernel pointers. Despite efforts by kernel developers and researchers, existing defenses for kernels such as Linux are limited in scope or incur a prohibitive performance overhead. In this paper, we present kMVX, a comprehensive defense against information leak vulnerabilities in the kernel by running multiple diversified kernel variants simultaneously on the same machine. By constructing these variants in a careful manner, we can ensure they only show divergences when an attacker tries to exploit bugs present in the kernel. By detecting these divergences we can prevent kernel information leaks. Our kMVX design is inspired by multi-variant execution (MVX). Traditional MVX designs cannot be applied to kernels because of their assumptions on the run-time environment. kMVX, on the other hand, can be applied even to commodity kernels. We show our Linux-based prototype provides powerful protection against information leaks at acceptable performance overhead (20-50% in the worst case for popular server applications).
KW - information leaks
KW - multi-variant execution
KW - operating systems
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85064668893&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85064668893&partnerID=8YFLogxK
U2 - 10.1145/3297858.3304054
DO - 10.1145/3297858.3304054
M3 - Conference contribution
AN - SCOPUS:85064668893
SN - 9781450362405
SP - 559
EP - 572
BT - ASPLOS '19
PB - Association for Computing Machinery
T2 - 24th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2019
Y2 - 13 April 2019 through 17 April 2019
ER -