Adelie: Continuous Address Space Layout Re-randomization for Linux Drivers

Ruslan Nikolaev, Hassan Nadeem, Cathlyn Stone, Binoy Ravindran

Research output: Chapter in Book/Report/Conference proceedingConference contribution

14 Scopus citations

Abstract

While address space layout randomization (ASLR) has been extensively studied for user-space programs, the corresponding OS kernel's KASLR support remains very limited, making the kernel vulnerable to just-in-Time (JIT) return-oriented programming (ROP) attacks. Furthermore, commodity OSs such as Linux restrict their KASLR range to 32 bits due to architectural constraints (e.g., x86-64 only supports 32-bit immediate operands for most instructions), which makes them vulnerable to even unsophisticated brute-force ROP attacks due to low entropy. Most in-kernel pointers remain static, exacerbating the problem when pointers are leaked. Adelie, our kernel defense mechanism, overcomes KASLR limitations, increases KASLR entropy, and makes successful ROP attacks on the Linux kernel much harder to achieve. First, Adelie enables the position-independent code (PIC) model so that the kernel and its modules can be placed anywhere in the 64-bit virtual address space, at any distance apart from each other. Second, Adelie implements stack re-randomization and address encryption on modules. Finally, Adelie enables efficient continuous KASLR for modules by using the PIC model to make it (almost) impossible to inject ROP gadgets through these modules regardless of gadget's origin. Since device drivers (typically compiled as modules) are often developed by third parties and are typically less tested than core OS parts, they are also often more vulnerable. By fully re-randomizing device drivers, the last two contributions together prevent most JIT ROP attacks since vulnerable modules are very likely to be a starting point of an attack. Furthermore, some OS instances in virtualized environments are specifically designated to run device drivers, where drivers are the primary target of JIT ROP attacks. Using a GCC plugin that we developed, we automatically modify different kinds of kernel modules. Since the prior art tackles only user-space programs, we solve many challenges unique to the kernel code. Our evaluation shows high efficiency of Adelie's approach: The overhead of the PIC model is completely negligible and re-randomization cost remains reasonable for typical use cases.

Original languageEnglish (US)
Title of host publicationASPLOS 2022 - Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
EditorsBabak Falsafi, Michael Ferdman, Shan Lu, Thomas F. Wenisch
PublisherAssociation for Computing Machinery
Pages483-498
Number of pages16
ISBN (Electronic)9781450392051
DOIs
StatePublished - Feb 28 2022
Event27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2022 - Virtual, Online, Switzerland
Duration: Feb 28 2022Mar 4 2022

Publication series

NameInternational Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

Conference

Conference27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2022
Country/TerritorySwitzerland
CityVirtual, Online
Period2/28/223/4/22

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems
  • Hardware and Architecture

Fingerprint

Dive into the research topics of 'Adelie: Continuous Address Space Layout Re-randomization for Linux Drivers'. Together they form a unique fingerprint.

Cite this