Please use this Handle URI to cite this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/96164

Full metadata record

| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 黎士瑋 | zh_TW |
| dc.contributor.advisor | Shih-Wei Li | en |
| dc.contributor.author | 李宥霆 | zh_TW |
| dc.contributor.author | You-Ting Li | en |
| dc.date.accessioned | 2024-11-19T16:06:42Z | - |
| dc.date.available | 2024-11-20 | - |
| dc.date.copyright | 2024-11-19 | - |
| dc.date.issued | 2024 | - |
| dc.date.submitted | 2024-10-17 | - |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/96164 | - |
| dc.description.abstract | Isolation of the operating system kernel is of great benefit to the protection of system security. As of 2023, the Linux kernel has exceeded 36 million lines of code; this huge code base makes debugging increasingly difficult, and an inadvertent mistake by a kernel engineer may corrupt the kernel and cause a panic, e.g. a null pointer dereference or use after free. Therefore, we propose a backup mechanism on the Arm v8 architecture. First, one system call is selected and defined as our compartment; by analyzing the compartment's call graph, we find the global memory it shares with the rest of the kernel. For this memory we implement a Time Interval Based Monitor, which records and backs up every modification that any process makes to those memory locations. When the code in the isolated region encounters an error, a hypercall into EL2 first restores the register state, the monitor then restores the contents of the shared memory, and finally the process is returned to the system state it was in before entering the system call and an error code is returned, giving the user a chance to handle the kernel error. This achieves the goal of protecting and recovering the system kernel. | zh_TW |
| dc.description.abstract | Isolation of the operating system kernel is of great benefit to the security of the system itself. As of 2023, the Linux kernel has more than 36 million lines of code, and this huge amount of code makes it increasingly difficult to debug; inadvertent mistakes by kernel engineers may corrupt the kernel and cause a panic, e.g. a null pointer dereference or use after free. Therefore, we propose a backup mechanism on the Arm v8 architecture that tries to prevent a kernel crash after such mistakes cause kernel errors. First, we select one of the system calls and define it as our compartment, and analyze the control flow graph of the compartment to find the global variables shared outside of the compartment. We then design a Time Interval Based Monitor, which records and backs up all value changes to those memory addresses. When the compartment encounters an error, the monitor recovers the tracked memory locations and allows the process to return to the original system state before it entered the compartment, thus protecting the system kernel and maintaining kernel availability. | en |
| dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2024-11-19T16:06:42Z No. of bitstreams: 0 | en |
| dc.description.provenance | Made available in DSpace on 2024-11-19T16:06:42Z (GMT). No. of bitstreams: 0 | en |
| dc.description.tableofcontents | Verification Letter from the Oral Examination Committee (i); Abstract (Chinese) (iii); Abstract (v); Contents (vii); List of Figures (xi); List of Tables (xiii); Chapter 1 Introduction (1); Chapter 2 Background (5): 2.1 Overview of the ARM Architecture (5), 2.1.1 Exception Level (5), 2.1.2 Key Registers (6), 2.1.3 ARM TrustZone (7), 2.2 SeKVM (8), 2.3 LLVM Intermediate Representation (LLVM IR) (9), 2.4 Instrumentation Granularity for Monitor API (10), 2.4.1 Function Level Granularity (10), 2.4.2 Assembly Level Granularity (10), 2.4.3 LLVM IR Level Granularity (11), 2.5 Control Flow Path (11); Chapter 3 Overview (13); Chapter 4 Threat Model (17); Chapter 5 Design (19): 5.1 Motivation - Error Path Analyzing (20), 5.2 Time Interval-based Monitor (22), 5.2.1 Shared Data (23), 5.2.2 Synchronization Primitives (31), 5.2.3 Heap Data (33), 5.2.4 Shared Field (35), 5.2.5 Registers (36), 5.2.6 Monitor State (37), 5.3 Isolated Memory Address Space (41); Chapter 6 Evaluation (43): 6.1 Performance (43), 6.2 Security Analysis (46); Chapter 7 Related Work and Future Work (51): 7.1 Related Work (51), 7.1.1 Isolation Techniques (52), 7.1.2 Crash Recovery Mechanisms (54), 7.1.3 Combining Isolation and Recovery (55), 7.2 Future Work (57); Chapter 8 Conclusions (61); References (63); Appendix A — Introduction (67): A.1 Data Structures in the Monitor (67) | - |
| dc.language.iso | en | - |
| dc.subject | System Kernel Isolation | zh_TW |
| dc.subject | Kernel Availability | zh_TW |
| dc.subject | System Security | zh_TW |
| dc.subject | Kernel Availability | en |
| dc.subject | System Security | en |
| dc.subject | System Kernel Isolation | en |
| dc.title | Kernel Module Fault Recovery by a Time Interval-based Monitor | zh_TW |
| dc.title | Kernel Modules Fault Recovery by a Time Interval-based Monitor | en |
| dc.type | Thesis | - |
| dc.date.schoolyear | 113-1 | - |
| dc.description.degree | Master's | - |
| dc.contributor.oralexamcommittee | 蕭旭君;陳郁方 | zh_TW |
| dc.contributor.oralexamcommittee | Hsu-Chun Hsiao;Yu-Fang Chen | en |
| dc.subject.keyword | System Security, System Kernel Isolation, Kernel Availability | zh_TW |
| dc.subject.keyword | System Security, System Kernel Isolation, Kernel Availability | en |
| dc.relation.page | 68 | - |
| dc.identifier.doi | 10.6342/NTU202404466 | - |
| dc.rights.note | Authorized (open access worldwide) | - |
| dc.date.accepted | 2024-10-18 | - |
| dc.contributor.author-college | College of Electrical Engineering and Computer Science | - |
| dc.contributor.author-dept | Department of Computer Science and Information Engineering | - |
| Appears in Collections: | Department of Computer Science and Information Engineering | - |

Files in This Item:

| File | Size | Format | |
|---|---|---|---|
| ntu-113-1.pdf | 1.22 MB | Adobe PDF | View/Open |

All items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
