Hypernel: A Hardware-Assisted Framework for Kernel Protection without Nested Paging

Large OS kernels are perennial attack targets because of their numerous inherent vulnerabilities. To protect the kernel, many security solutions rely on a hypervisor. However, relying on a hypervisor has a detrimental impact on system performance, due mainly to nested paging. In this paper, we present Hypernel, a security framework combining hardware and software components to address this problem. Hypersec, the software component, provides an isolated execution environment for security solutions, and the hardware monitor component enables word-granularity monitoring of kernel memory. Our evaluation shows that Hypernel efficiently fulfills the role of a security framework while imposing a mere 3.1% runtime overhead on the system.
