TY - JOUR
T1 - Commercial hypervisor-based task sandboxing mechanisms are unsecured? But we can fix it!
AU - Huo, Dongdong
AU - Cao, Chen
AU - Liu, Peng
AU - Wang, Yazhe
AU - Li, Mingxuan
AU - Xu, Zhen
N1 - Publisher Copyright:
© 2021 Elsevier B.V.
PY - 2021/6
Y1 - 2021/6
N2 - Cyber–Physical–Social Systems are frequently prescribed for providing valuable information on personalized services. The foundation of these services is big data which must be trustily collected and efficiently processed. Though High Performance Computing and Communication technique makes great contributions to addressing the issue of data processing, its effectiveness still relies on the veracity of data generated from Internet of Things (IoT) devices. Nevertheless, IoT devices, as basic production facilities to ensure data's security, are unable to deploy expensive security extensions. Consequently, it causes the implementation of the task sandboxing, the fundamental security mechanism in Real-Time Operating Systems (RTOSs), much simpler and more vulnerable. In this paper, we take ARM Mbed uVisor as an example system, utilizing hypervisor-based task sandboxing mechanisms, and presents three new findings: First, we discover vulnerabilities against Mbed task sandboxing, which can be exploited to compromise system-maintained data structure to manipulate any tasks’ data. Second, we present LIPS (Lightweight Intra-Mode Privilege Separation), building a special protection domain to isolate particular system-maintained data structures. Finally, thorough evaluation and experimental tests show the efficiency of LIPS to defeat these attacks, with small runtime overheads and good portability.
AB - Cyber–Physical–Social Systems are frequently prescribed for providing valuable information on personalized services. The foundation of these services is big data which must be trustily collected and efficiently processed. Though High Performance Computing and Communication technique makes great contributions to addressing the issue of data processing, its effectiveness still relies on the veracity of data generated from Internet of Things (IoT) devices. Nevertheless, IoT devices, as basic production facilities to ensure data's security, are unable to deploy expensive security extensions. Consequently, it causes the implementation of the task sandboxing, the fundamental security mechanism in Real-Time Operating Systems (RTOSs), much simpler and more vulnerable. In this paper, we take ARM Mbed uVisor as an example system, utilizing hypervisor-based task sandboxing mechanisms, and presents three new findings: First, we discover vulnerabilities against Mbed task sandboxing, which can be exploited to compromise system-maintained data structure to manipulate any tasks’ data. Second, we present LIPS (Lightweight Intra-Mode Privilege Separation), building a special protection domain to isolate particular system-maintained data structures. Finally, thorough evaluation and experimental tests show the efficiency of LIPS to defeat these attacks, with small runtime overheads and good portability.
UR - http://www.scopus.com/inward/record.url?scp=85104121036&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85104121036&partnerID=8YFLogxK
U2 - 10.1016/j.sysarc.2021.102114
DO - 10.1016/j.sysarc.2021.102114
M3 - Article
AN - SCOPUS:85104121036
SN - 1383-7621
VL - 116
JO - Journal of Systems Architecture
JF - Journal of Systems Architecture
M1 - 102114
ER -