K-Int, 作業系統核心完整性保護之執行器

Joey LI; Joey LI

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/91047

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	黎士瑋	zh_TW
dc.contributor.advisor	Shih-Wei Li	en
dc.contributor.author	Joey LI	zh_TW
dc.contributor.author	Joey LI	en
dc.date.accessioned	2023-10-24T16:52:56Z	-
dc.date.available	2025-10-17	-
dc.date.copyright	2023-10-24	-
dc.date.issued	2023	-
dc.date.submitted	2023-08-04	-
dc.identifier.citation	[1] Apache http server benchmarking tool. http://httpd.apache.org/docs/2.4/programs/ab.html. [2] Arm architecture reference manual for a-profile architecture,. https://developer.arm.com/documentation/ddi0487/latest/. [3] Arm system memory management unit architecture specification. https://developer.arm.com/documentation/ihi0070/latest. [4] Cve details linux kernel vulnerability statistics. https://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33. [5] Improve hackbench. http://people.redhat.com/mingo/cfs-scheduler/tools/hackbench.c, 2008. [6] Mwr labs. windows 8 kernel memory protections by-pass. http://labs.mwrinfosecurity.com/blog/2014/08/15/windows-8-kernel-memoryprotections-bypass, 2014. [7] Kaiser: hiding the kernel from user space. https://lwn.net/Articles/738975/, 2017. [8] Virtualization based security. https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs, 2023. [9] D. Boggs, G. Brown, N. Tuck, and K. Venkatraman. Denver: Nvidia’s first 64-bit arm processor. IEEE Micro, 35(2):46–55, 2015. [10] D. Calavera and L. Fontana. Linux Observability with BPF: Advanced Programming for Performance Analysis and Networking. O’Reilly Media, 2019. [11] N. Carlini, A. Barresi, M. Payer, D. Wagner, and T. R. Gross. {Control-Flow} bend-ing: On the effectiveness of {Control-Flow} integrity. In 24th USENIX Security Symposium (USENIX Security 15), pages 161–176, 2015. [12] N. Dautenhahn, T. Kasampalis, W. Dietz, J. Criswell, and V. Adve. Nested kernel: An operating system architecture for intra-kernel privilege separation. In Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems, pages 191–206, 2015. [13] L. Davi, D. Gens, C. Liebchen, and A.-R. Sadeghi. Pt-rand: Practical mitigation of data-only attacks against page tables. In NDSS, 2017. [14] X. Ge, H. Vijayakumar, and T. Jaeger. Sprobes: Enforcing kernel code integrity on the trustzone architecture. arXiv preprint arXiv:1410.7747, 2014. [15] X. Jiang, X. Wang, and D. Xu. Stealthy malware detection through vmm-based ｀out-of-the-box＇semantic view. In 14th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA (November 2007), volume 10. [16] R. Jones. Netperf. https://github.com/HewlettPackard/netperf, Accessed 2023. [17] S. Kim, J. Park, K. Lee, I. You, and K. Yim. A brief survey on rootkit techniques in malicious codes. J. Internet Serv. Inf. Secur., 2(3/4):134–147, 2012. [18] T. Kornau et al. Return oriented programming for the ARM architecture. PhD thesis, Master＇s thesis, Ruhr-Universität Bochum, 2010. [19] J. Lee, H. Ham, I. Kim, and J. Song. Poster: Page table manipulation attack. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 1644–1646, 2015. [20] S. Matsuoka. Fugaku and a64fx: the first exascale supercomputer and its innovative arm cpu. In 2021 Symposium on VLSI Circuits, pages 1–3. IEEE, 2021. [21] N. L. Petroni Jr and M. Hicks. Automated detection of persistent kernel control-flow attacks. In Proceedings of the 14th ACM conference on Computer and communications security, pages 103–115, 2007. [22] N. Rajovic, P. M. Carpenter, I. Gelado, N. Puzovic, A. Ramirez, and M. Valero. Supercomputing with commodity cpus: Are mobile socs ready for hpc? In Proceedings of the International Conference on High Performance Computing, Networking, Storage and Analysis, pages 1–12, 2013. [23] N. Rajovic, A. Rico, N. Puzovic, C. Adeniyi-Jones, and A. Ramirez. Tibidabo: Making the case for an arm-based hpc system. Future Generation Computer Systems, 36:322–334, 2014. [24] R. Riley, X. Jiang, and D. Xu. Guest-transparent prevention of kernel rootkits with vmm-based memory shadowing. In Recent Advances in Intrusion Detection: 11th International Symposium, RAID 2008, Cambridge, MA, USA, September 15-17, 2008. Proceedings 11, pages 1–20. Springer, 2008. [25] S. Rostedt and R. Hat. Ftrace kernel hooks: more than just tracing. In Linux Plumbers Conference, 2014. [26] A. Seshadri, M. Luk, N. Qu, and A. Perrig. Secvisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity oses. In Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, pages 335–350, 2007. [27] Y. Sverdlik. Paypal deploys arm servers in data centers, 2015. [28] D. Tian, R. Ma, X. Jia, and C. Hu. A kernel rootkit detection approach based on virtualization and machine learning. IEEE Access, 7:91657–91666, 2019. [29] M. Tran, M. Etheridge, T. Bletsch, X. Jiang, V. Freeh, and P. Ning. On the expressiveness of return-into-libc attacks. In Recent Advances in Intrusion Detection: 14th International Symposium, RAID 2011, Menlo Park, CA, USA, September 20-21, 2011. Proceedings 14, pages 121–141. Springer, 2011. [30] X. Wang, J. Zhang, A. Zhang, and J. Ren. Tkrd: Trusted kernel rootkit detection for cybersecurity of vms based on machine learning and memory forensic analysis. Mathematical Biosciences and Engineering, 16(4):2650–2667, 2019. [31] J.-K. Zinzindohoué, K. Bhargavan, J. Protzenko, and B. Beurdouche. Hacl*: A verified modern cryptographic library. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pages 1789–1806, 2017.	-
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/91047	-
dc.description.abstract	None	zh_TW
dc.description.abstract	Many of the currently running OSes in the cloud are monolithic. Unfortunately, a monolithic design is prone to be highly vulnerable due to the nature of its arrangement. A single kernel vulnerability or a rootkit could grant the attacker full authority over the system. To mitigate this issue, we present K-Int, an additional layer of protection that ensures the execution of only approved code with the superuser privilege while still allowing external module loading even if the kernel is compromised. Past research has proposed solutions to improve the security of monolithic kernels. However, very few of them were built on Arm64. By relying on virtualization, K-Int interposes on all updates to the kernel page table and kernel code. Therefore, it prevents kernel code modification and malicious kernel page table manipulation. Since K-Int relies only on the basic hypervisor and Arm64’s features, it does not need the host hypervisor to provide complex implementations. In this sense, K-int is an extension that would be portable on hypervisors. K-Int leverages Arm virtualization extensions to protect Arm64 kernels. It is built upon SeKVM and reuses its formally verified functionality. The code base is composed of 4205 LoC and only 3 hypercalls to apply the protective layer. The implementation of K-Int over SeKVM suggests just a small overhead in performance at run time (e.g. < 2%).	en
dc.description.provenance	Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-10-24T16:52:56Z No. of bitstreams: 0	en
dc.description.provenance	Made available in DSpace on 2023-10-24T16:52:56Z (GMT). No. of bitstreams: 0	en
dc.description.tableofcontents	Abstract i Contents iii List of Figures v List of Table vi 1.Introduction 1 2.Design Goal and Threat Model 4 2.1 Design Goals and Challenges 4 2.2 Threat Model and Assumption 5 3. Background 6 3.1 Overview of Arm’s Architecture 6 3.2 Overview of SeKVM 10 4. K-Int Design 13 4.1 W⊕PX 14 4.2 Kernel page table protection 15 4.3 Kernel Code Integrity 19 4.4 Module Management 21 5. Implementation 23 5.1 Subownership 24 5.2 Static Protection 25 5.3 Kernel Page Table Protection 28 5.4 W⊕PX 31 5.5 Loadable Kernel Modules 32 5.6 DMA Protection 36 6. Evaluation 37 6.1 Performance 37 6.2 Discussion 40 6.2.1 Comparison with Linux existing protection mechanism 40 6.2.2 Protection against real-world attacks 41 6.3 Limitation 44 6.4 Future Work 45 7. Related Work 49 8. Conclusion 52 References 53	-
dc.language.iso	en	-
dc.subject	虛擬機	zh_TW
dc.subject	KVM	zh_TW
dc.subject	系統核心完整性	zh_TW
dc.subject	系統安全	zh_TW
dc.subject	Virtualization	en
dc.subject	System Security	en
dc.subject	Kernel Integrity	en
dc.subject	KVM	en
dc.title	K-Int, 作業系統核心完整性保護之執行器	zh_TW
dc.title	K-Int, Kernel Code Integrity Enforcer	en
dc.type	Thesis	-
dc.date.schoolyear	111-2	-
dc.description.degree	碩士	-
dc.contributor.oralexamcommittee	蕭旭君;黃俊穎	zh_TW
dc.contributor.oralexamcommittee	Hsu-Chun Hsiao;Chun-Ying Huang	en
dc.subject.keyword	系統安全,系統核心完整性,KVM,虛擬機,	zh_TW
dc.subject.keyword	System Security,Kernel Integrity,KVM,Virtualization,	en
dc.relation.page	56	-
dc.identifier.doi	10.6342/NTU202301655	-
dc.rights.note	未授權	-
dc.date.accepted	2023-08-07	-
dc.contributor.author-college	電機資訊學院	-
dc.contributor.author-dept	資訊網路與多媒體研究所	-
顯示於系所單位：	資訊網路與多媒體研究所

文件中的檔案：

檔案	大小	格式
ntu-111-2.pdf 未授權公開取用	706.03 kB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。