SafeFetch: Practical Double-Fetch Protection with Kernel-Fetch Caching

Victor Duta, Mitchel Josephus Aloserij, Cristiano Giuffrida

Research output: Chapter in Book / Report / Conference proceeding, Conference contribution, Academic, peer-review

Abstract

Double-fetch bugs (or vulnerabilities) stem from in-kernel system call execution fetching the same user data twice without proper data (re)sanitization, enabling TOCTTOU attacks and posing a major threat to operating systems security. Existing double-fetch protection systems rely on the MMU to trap on writes to syscall-accessed user pages and provide the kernel with a consistent snapshot of user memory. While this strategy can hinder attacks, it also introduces nontrivial runtime performance overhead due to the cost of trapping/remapping and the coarse (page-granular) write interposition mechanism. In this paper, we propose SafeFetch, a practical solution to protect the kernel from double-fetch bugs. The key intuition is that most system calls fetch small amounts of user data (if at all), hence caching this data in the kernel can be done at a small performance cost. To this end, SafeFetch creates per-syscall caches to persist fetched user data and replay them when they are fetched again within the same syscall. This strategy neutralizes all double-fetch bugs, while eliminating trapping/remapping overheads and relying on efficient byte-granular interposition. Our Linux prototype evaluation shows SafeFetch can provide comprehensive protection with low performance overheads (e.g., 4.4% geomean on LMBench), significantly outperforming state-of-the-art solutions.
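The per-syscall cache-and-replay idea described in the abstract, as an added C model; this is not the paper's or the Linux prototype's code, and the struct names, entry limits and the model syscall are assumptions made for illustration:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of SafeFetch's idea, not the paper's kernel code: one
 * cache per syscall records every user range fetched, so a repeated fetch of
 * the same bytes replays the first snapshot instead of re-reading user memory. */
#define MAX_ENTRIES 8
#define ENTRY_BYTES 64
struct fetch_entry { uintptr_t uaddr; size_t len; unsigned char data[ENTRY_BYTES]; };
struct fetch_cache { struct fetch_entry e[MAX_ENTRIES]; size_t n; };

/* Called at syscall entry: the cache lives only for the duration of this syscall. */
void syscall_enter(struct fetch_cache *c) { c->n = 0; }

/* Byte-granular lookup: replay only if a cached range fully covers the request. */
static const struct fetch_entry *lookup(const struct fetch_cache *c, uintptr_t a, size_t len) {
    for (size_t i = 0; i < c->n; i++)
        if (a >= c->e[i].uaddr && a + len <= c->e[i].uaddr + c->e[i].len) return &c->e[i];
    return NULL;
}

/* copy_from_user stand-in. c == NULL means unprotected (plain fetch every time).
 * Returns 1 when the bytes were replayed from the cache, 0 on a real fetch. */
int cached_copy_from_user(struct fetch_cache *c, void *dst, const void *usrc, size_t len) {
    uintptr_t a = (uintptr_t)usrc;
    const struct fetch_entry *hit = c ? lookup(c, a, len) : NULL;
    if (hit) { memcpy(dst, hit->data + (a - hit->uaddr), len); return 1; }
    memcpy(dst, usrc, len);                       /* first fetch reads user memory */
    if (c && len <= ENTRY_BYTES && c->n < MAX_ENTRIES) {
        struct fetch_entry *ne = &c->e[c->n++];
        ne->uaddr = a; ne->len = len; memcpy(ne->data, dst, len);
    }
    return 0;
}

/* Model syscall with the classic check-then-refetch pattern. racing_len stands
 * in for a concurrent user-space write landing between the two fetches.
 * Returns the length the kernel ends up trusting (0 if the check rejected it). */
struct hdr { uint32_t len; uint32_t flags; };
uint32_t model_syscall(struct fetch_cache *c, struct hdr *uhdr, uint32_t racing_len) {
    struct hdr k;
    if (c) syscall_enter(c);
    cached_copy_from_user(c, &k, uhdr, sizeof k);  /* fetch #1: validate */
    if (k.len > 16) return 0;
    uhdr->len = racing_len;                        /* the TOCTTOU window */
    cached_copy_from_user(c, &k, uhdr, sizeof k);  /* fetch #2: use */
    return k.len;                                  /* protected: still the validated value */
}
```

Passing a NULL cache reproduces the unprotected behaviour, where the second fetch returns the modified value; with a cache, the second fetch replays the validated snapshot even though user memory changed.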

Original language: English
Title of host publication: 33rd USENIX Security Symposium, USENIX Security 2024, Philadelphia, PA, USA, August 14-16, 2024
Subtitle of host publication: [Proceedings]
Editors: Davide Balzarotti, Wenyuan Xu
Publisher: USENIX Association
Pages: 1207-1224
Number of pages: 18
ISBN (Electronic): 9781939133441
Publication status: Published - 2024
Event: 33rd USENIX Security Symposium, USENIX Security 2024 - Philadelphia, United States
Duration: 14 Aug 2024 - 16 Aug 2024

Conference

Conference: 33rd USENIX Security Symposium, USENIX Security 2024
Country/Territory: United States
City: Philadelphia
Period: 14/08/24 - 16/08/24

Bibliographical note

Publisher Copyright:
© USENIX Security Symposium 2024. All rights reserved.
