Skip navigation

DSpace JSPUI

DSpace preserves and enables easy and open access to all types of digital content including text, images, moving images, mpegs and data sets

Learn More
DSpace logo
English
中文
  • Browse
    • Communities
      & Collections
    • Publication Year
    • Author
    • Title
    • Subject
    • Advisor
  • Search TDR
  • Rights Q&A
    • My Page
    • Receive email
      updates
    • Edit Profile
  1. NTU Theses and Dissertations Repository
  2. 電機資訊學院
  3. 資訊網路與多媒體研究所
Please use this identifier to cite or link to this item: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/91047
Full metadata record
???org.dspace.app.webui.jsptag.ItemTag.dcfield???ValueLanguage
dc.contributor.advisor黎士瑋zh_TW
dc.contributor.advisorShih-Wei Lien
dc.contributor.authorJoey LIzh_TW
dc.contributor.authorJoey LIen
dc.date.accessioned2023-10-24T16:52:56Z-
dc.date.available2025-10-17-
dc.date.copyright2023-10-24-
dc.date.issued2023-
dc.date.submitted2023-08-04-
dc.identifier.citation[1] Apache http server benchmarking tool. http://httpd.apache.org/docs/2.4/programs/ab.html.
[2] Arm architecture reference manual for a-profile architecture,. https://developer.arm.com/documentation/ddi0487/latest/.
[3] Arm system memory management unit architecture specification. https://developer.arm.com/documentation/ihi0070/latest.
[4] Cve details linux kernel vulnerability statistics. https://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33.
[5] Improve hackbench. http://people.redhat.com/mingo/cfs-scheduler/tools/hackbench.c, 2008.
[6] Mwr labs. windows 8 kernel memory protections by-pass. http://labs.mwrinfosecurity.com/blog/2014/08/15/windows-8-kernel-memoryprotections-bypass, 2014.
[7] Kaiser: hiding the kernel from user space. https://lwn.net/Articles/738975/, 2017.
[8] Virtualization based security. https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs, 2023.
[9] D. Boggs, G. Brown, N. Tuck, and K. Venkatraman. Denver: Nvidia’s first 64-bit arm processor. IEEE Micro, 35(2):46–55, 2015.
[10] D. Calavera and L. Fontana. Linux Observability with BPF: Advanced Programming for Performance Analysis and Networking. O’Reilly Media, 2019.
[11] N. Carlini, A. Barresi, M. Payer, D. Wagner, and T. R. Gross. {Control-Flow} bend-ing: On the effectiveness of {Control-Flow} integrity. In 24th USENIX Security Symposium (USENIX Security 15), pages 161–176, 2015.
[12] N. Dautenhahn, T. Kasampalis, W. Dietz, J. Criswell, and V. Adve. Nested kernel: An operating system architecture for intra-kernel privilege separation. In Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 191–206, 2015.
[13] L. Davi, D. Gens, C. Liebchen, and A.-R. Sadeghi. Pt-rand: Practical mitigation of data-only attacks against page tables. In NDSS, 2017.
[14] X. Ge, H. Vijayakumar, and T. Jaeger. Sprobes: Enforcing kernel code integrity on the trustzone architecture. arXiv preprint arXiv:1410.7747, 2014.
[15] X. Jiang, X. Wang, and D. Xu. Stealthy malware detection through vmm-based `out-of-the-box'semantic view. In 14th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA (November 2007), volume 10.
[16] R. Jones. Netperf. https://github.com/HewlettPackard/netperf, Accessed 2023.
[17] S. Kim, J. Park, K. Lee, I. You, and K. Yim. A brief survey on rootkit techniques in malicious codes. J. Internet Serv. Inf. Secur., 2(3/4):134–147, 2012.
[18] T. Kornau et al. Return oriented programming for the ARM architecture. PhD thesis, Master's thesis, Ruhr-Universität Bochum, 2010.
[19] J. Lee, H. Ham, I. Kim, and J. Song. Poster: Page table manipulation attack. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 1644–1646, 2015.
[20] S. Matsuoka. Fugaku and a64fx: the first exascale supercomputer and its innovative arm cpu. In 2021 Symposium on VLSI Circuits, pages 1–3. IEEE, 2021.
[21] N. L. Petroni Jr and M. Hicks. Automated detection of persistent kernel control-flow attacks. In Proceedings of the 14th ACM conference on Computer and communications security, pages 103–115, 2007.
[22] N. Rajovic, P. M. Carpenter, I. Gelado, N. Puzovic, A. Ramirez, and M. Valero. Supercomputing with commodity cpus: Are mobile socs ready for hpc? In Proceedings of the International Conference on High Performance Computing, Networking, Storage and Analysis, pages 1–12, 2013.
[23] N. Rajovic, A. Rico, N. Puzovic, C. Adeniyi-Jones, and A. Ramirez. Tibidabo: Making the case for an arm-based hpc system. Future Generation Computer Systems, 36:322–334, 2014.
[24] R. Riley, X. Jiang, and D. Xu. Guest-transparent prevention of kernel rootkits with vmm-based memory shadowing. In Recent Advances in Intrusion Detection: 11th International Symposium, RAID 2008, Cambridge, MA, USA, September 15-17, 2008. Proceedings 11, pages 1–20. Springer, 2008.
[25] S. Rostedt and R. Hat. Ftrace kernel hooks: more than just tracing. In Linux Plumbers Conference, 2014.
[26] A. Seshadri, M. Luk, N. Qu, and A. Perrig. Secvisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity oses. In Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, pages 335–350, 2007.
[27] Y. Sverdlik. Paypal deploys arm servers in data centers, 2015.
[28] D. Tian, R. Ma, X. Jia, and C. Hu. A kernel rootkit detection approach based on virtualization and machine learning. IEEE Access, 7:91657–91666, 2019.
[29] M. Tran, M. Etheridge, T. Bletsch, X. Jiang, V. Freeh, and P. Ning. On the expressiveness of return-into-libc attacks. In Recent Advances in Intrusion Detection: 14th International Symposium, RAID 2011, Menlo Park, CA, USA, September 20-21, 2011. Proceedings 14, pages 121–141. Springer, 2011.
[30] X. Wang, J. Zhang, A. Zhang, and J. Ren. Tkrd: Trusted kernel rootkit detection for cybersecurity of vms based on machine learning and memory forensic analysis. Mathematical Biosciences and Engineering, 16(4):2650–2667, 2019.
[31] J.-K. Zinzindohoué, K. Bhargavan, J. Protzenko, and B. Beurdouche. Hacl*: A verified modern cryptographic library. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pages 1789–1806, 2017.		-
dc.identifier.urihttp://tdr.lib.ntu.edu.tw/jspui/handle/123456789/91047-
dc.description.abstractNonezh_TW
dc.description.abstractMany of the currently running OSes in the cloud are monolithic. Unfortunately, a monolithic design is prone to be highly vulnerable due to the nature of its arrangement. A single kernel vulnerability or a rootkit could grant the attacker full authority over the system. To mitigate this issue, we present K-Int, an additional layer of protection that ensures the execution of only approved code with the superuser privilege while still allowing external module loading even if the kernel is compromised. Past research has proposed solutions to improve the security of monolithic kernels. However, very few of them were built on Arm64. By relying on virtualization, K-Int interposes on all updates to the kernel page table and kernel code. Therefore, it prevents kernel code modification and malicious kernel page table manipulation. Since K-Int relies only on the basic hypervisor and Arm64’s features, it does not need the host hypervisor to provide complex implementations. In this sense, K-int is an extension that would be portable on hypervisors. K-Int leverages Arm virtualization extensions to protect Arm64 kernels. It is built upon SeKVM and reuses its formally verified functionality. The code base is composed of 4205 LoC and only 3 hypercalls to apply the protective layer. The implementation of K-Int over SeKVM suggests just a small overhead in performance at run time (e.g. < 2%).en
dc.description.provenanceSubmitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-10-24T16:52:56Z
No. of bitstreams: 0		en
dc.description.provenanceMade available in DSpace on 2023-10-24T16:52:56Z (GMT). No. of bitstreams: 0en
dc.description.tableofcontentsAbstract i
Contents iii
List of Figures v
List of Table vi
1.Introduction 1
2.Design Goal and Threat Model 4
2.1 Design Goals and Challenges 4
2.2 Threat Model and Assumption 5
3. Background 6
3.1 Overview of Arm’s Architecture 6
3.2 Overview of SeKVM 10
4. K-Int Design 13
4.1 W⊕PX 14
4.2 Kernel page table protection 15
4.3 Kernel Code Integrity 19
4.4 Module Management 21
5. Implementation 23
5.1 Subownership 24
5.2 Static Protection 25
5.3 Kernel Page Table Protection 28
5.4 W⊕PX 31
5.5 Loadable Kernel Modules 32
5.6 DMA Protection 36
6. Evaluation 37
6.1 Performance 37
6.2 Discussion 40
6.2.1 Comparison with Linux existing protection mechanism 40
6.2.2 Protection against real-world attacks 41
6.3 Limitation 44
6.4 Future Work 45
7. Related Work 49
8. Conclusion 52
References 53		-
dc.language.isoen-
dc.subject虛擬機zh_TW
dc.subjectKVMzh_TW
dc.subject系統核心完整性zh_TW
dc.subject系統安全zh_TW
dc.subjectVirtualizationen
dc.subjectSystem Securityen
dc.subjectKernel Integrityen
dc.subjectKVMen
dc.titleK-Int, 作業系統核心完整性保護之執行器zh_TW
dc.titleK-Int, Kernel Code Integrity Enforceren
dc.typeThesis-
dc.date.schoolyear111-2-
dc.description.degree碩士-
dc.contributor.oralexamcommittee蕭旭君;黃俊穎zh_TW
dc.contributor.oralexamcommitteeHsu-Chun Hsiao;Chun-Ying Huangen
dc.subject.keyword系統安全,系統核心完整性,KVM,虛擬機,zh_TW
dc.subject.keywordSystem Security,Kernel Integrity,KVM,Virtualization,en
dc.relation.page56-
dc.identifier.doi10.6342/NTU202301655-
dc.rights.note未授權-
dc.date.accepted2023-08-07-
dc.contributor.author-college電機資訊學院-
dc.contributor.author-dept資訊網路與多媒體研究所-
Appears in Collections:資訊網路與多媒體研究所

Files in This Item:
File SizeFormat 
ntu-111-2.pdf
  Restricted Access 		706.03 kBAdobe PDF
Show simple item record


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

社群連結
聯絡資訊
10617臺北市大安區羅斯福路四段1號
No.1 Sec.4, Roosevelt Rd., Taipei, Taiwan, R.O.C. 106
Tel: (02)33662353
Email: ntuetds@ntu.edu.tw
意見箱
相關連結
館藏目錄
國內圖書館整合查詢 MetaCat
臺大學術典藏 NTU Scholars
臺大圖書館數位典藏館
本站聲明
© NTU Library All Rights Reserved