Instruction-level data isolation for the kernel on ARM

As more sophisticated services are increasingly offered by the OS kernel on mobile devices, the security and sensitivity of the kernel data they depend on are becoming a critical issue. Data isolation has emerged as a key technique that addresses this issue by providing strong protection for sensitive kernel data. However, existing data isolation mechanisms for mobile devices all incur non-negligible performance overhead. We consider such a computational burden a serious problem for mobile devices, which already suffer from scarce resources. To alleviate this problem, we have developed a new mechanism that enforces data isolation very efficiently on ARM-based machines, backed by unique hardware instructions. For evaluation, this instruction-level data isolation mechanism has been implemented in the Android/Linux kernel running on ARM. In our experiments, it provides a lightweight data isolation capability for security services installed in the kernel.
