Commercial hypervisor-based task sandboxing mechanisms are unsecured? But we can fix it!

Dongdong Huo; Chen Cao; Peng Liu; Yazhe Wang; Mingxuan Li; Zhen Xu

doi:10.1016/j.sysarc.2021.102114

Commercial hypervisor-based task sandboxing mechanisms are unsecured? But we can fix it!

Dongdong Huo, Chen Cao, Peng Liu, Yazhe Wang, Mingxuan Li, Zhen Xu

Research output: Contribution to journal › Article › peer-review

2 Scopus citations

Abstract

Cyber–Physical–Social Systems are frequently prescribed for providing valuable information on personalized services. The foundation of these services is big data which must be trustily collected and efficiently processed. Though High Performance Computing and Communication technique makes great contributions to addressing the issue of data processing, its effectiveness still relies on the veracity of data generated from Internet of Things (IoT) devices. Nevertheless, IoT devices, as basic production facilities to ensure data's security, are unable to deploy expensive security extensions. Consequently, it causes the implementation of the task sandboxing, the fundamental security mechanism in Real-Time Operating Systems (RTOSs), much simpler and more vulnerable. In this paper, we take ARM Mbed uVisor as an example system, utilizing hypervisor-based task sandboxing mechanisms, and presents three new findings: First, we discover vulnerabilities against Mbed task sandboxing, which can be exploited to compromise system-maintained data structure to manipulate any tasks’ data. Second, we present LIPS (Lightweight Intra-Mode Privilege Separation), building a special protection domain to isolate particular system-maintained data structures. Finally, thorough evaluation and experimental tests show the efficiency of LIPS to defeat these attacks, with small runtime overheads and good portability.

Original language	English (US)
Article number	102114
Journal	Journal of Systems Architecture
Volume	116
DOIs	https://doi.org/10.1016/j.sysarc.2021.102114
State	Published - Jun 2021

All Science Journal Classification (ASJC) codes

Software
Hardware and Architecture

Access to Document

10.1016/j.sysarc.2021.102114

Cite this

@article{fc2e42b693d041328838655fbc113f08,

title = "Commercial hypervisor-based task sandboxing mechanisms are unsecured? But we can fix it!",

abstract = "Cyber–Physical–Social Systems are frequently prescribed for providing valuable information on personalized services. The foundation of these services is big data which must be trustily collected and efficiently processed. Though High Performance Computing and Communication technique makes great contributions to addressing the issue of data processing, its effectiveness still relies on the veracity of data generated from Internet of Things (IoT) devices. Nevertheless, IoT devices, as basic production facilities to ensure data's security, are unable to deploy expensive security extensions. Consequently, it causes the implementation of the task sandboxing, the fundamental security mechanism in Real-Time Operating Systems (RTOSs), much simpler and more vulnerable. In this paper, we take ARM Mbed uVisor as an example system, utilizing hypervisor-based task sandboxing mechanisms, and presents three new findings: First, we discover vulnerabilities against Mbed task sandboxing, which can be exploited to compromise system-maintained data structure to manipulate any tasks{\textquoteright} data. Second, we present LIPS (Lightweight Intra-Mode Privilege Separation), building a special protection domain to isolate particular system-maintained data structures. Finally, thorough evaluation and experimental tests show the efficiency of LIPS to defeat these attacks, with small runtime overheads and good portability.",

author = "Dongdong Huo and Chen Cao and Peng Liu and Yazhe Wang and Mingxuan Li and Zhen Xu",

note = "Funding Information: Peng Liu (M{\textquoteright}99) received the B.S. and M.S. degrees from the University of Science and Technology of China, Hefei, China, and the Ph.D. degree from George Mason University, Fairfax, VA, USA, in 1999. He is a Professor of information sciences and technology, the Founding Director of the Center for Cyber-Security, Information Privacy, and Trust, and the Founding Director of the Cyber Security Laboratory, Pennsylvania State University, State College, PA, USA. He has authored or co-authored a monograph and over 260 refereed technical papers. His research has been sponsored by the U.S. National Science Foundation, ARO, AFOSR, DARPA, DHS, DOE, AFRL, NSA, TTC, CISCO, and HP. His current research interests include computer and network security. Dr. Liu has served on over 100 Program Committees and reviewed papers for numerous journals. Funding Information: The authors would like to thank the anonymous reviewers for their critical suggestions that greatly improved the paper quality. This work is supported by the National Key R&D Program of China (No. 2019YFB1706000 ). Publisher Copyright: {\textcopyright} 2021 Elsevier B.V.",

year = "2021",

month = jun,

doi = "10.1016/j.sysarc.2021.102114",

language = "English (US)",

volume = "116",

journal = "Journal of Systems Architecture",

issn = "1383-7621",

publisher = "Elsevier",

}

TY - JOUR

T1 - Commercial hypervisor-based task sandboxing mechanisms are unsecured? But we can fix it!

AU - Huo, Dongdong

AU - Cao, Chen

AU - Liu, Peng

AU - Wang, Yazhe

AU - Li, Mingxuan

AU - Xu, Zhen

N1 - Funding Information: Peng Liu (M’99) received the B.S. and M.S. degrees from the University of Science and Technology of China, Hefei, China, and the Ph.D. degree from George Mason University, Fairfax, VA, USA, in 1999. He is a Professor of information sciences and technology, the Founding Director of the Center for Cyber-Security, Information Privacy, and Trust, and the Founding Director of the Cyber Security Laboratory, Pennsylvania State University, State College, PA, USA. He has authored or co-authored a monograph and over 260 refereed technical papers. His research has been sponsored by the U.S. National Science Foundation, ARO, AFOSR, DARPA, DHS, DOE, AFRL, NSA, TTC, CISCO, and HP. His current research interests include computer and network security. Dr. Liu has served on over 100 Program Committees and reviewed papers for numerous journals. Funding Information: The authors would like to thank the anonymous reviewers for their critical suggestions that greatly improved the paper quality. This work is supported by the National Key R&D Program of China (No. 2019YFB1706000 ). Publisher Copyright: © 2021 Elsevier B.V.

PY - 2021/6

Y1 - 2021/6

N2 - Cyber–Physical–Social Systems are frequently prescribed for providing valuable information on personalized services. The foundation of these services is big data which must be trustily collected and efficiently processed. Though High Performance Computing and Communication technique makes great contributions to addressing the issue of data processing, its effectiveness still relies on the veracity of data generated from Internet of Things (IoT) devices. Nevertheless, IoT devices, as basic production facilities to ensure data's security, are unable to deploy expensive security extensions. Consequently, it causes the implementation of the task sandboxing, the fundamental security mechanism in Real-Time Operating Systems (RTOSs), much simpler and more vulnerable. In this paper, we take ARM Mbed uVisor as an example system, utilizing hypervisor-based task sandboxing mechanisms, and presents three new findings: First, we discover vulnerabilities against Mbed task sandboxing, which can be exploited to compromise system-maintained data structure to manipulate any tasks’ data. Second, we present LIPS (Lightweight Intra-Mode Privilege Separation), building a special protection domain to isolate particular system-maintained data structures. Finally, thorough evaluation and experimental tests show the efficiency of LIPS to defeat these attacks, with small runtime overheads and good portability.

AB - Cyber–Physical–Social Systems are frequently prescribed for providing valuable information on personalized services. The foundation of these services is big data which must be trustily collected and efficiently processed. Though High Performance Computing and Communication technique makes great contributions to addressing the issue of data processing, its effectiveness still relies on the veracity of data generated from Internet of Things (IoT) devices. Nevertheless, IoT devices, as basic production facilities to ensure data's security, are unable to deploy expensive security extensions. Consequently, it causes the implementation of the task sandboxing, the fundamental security mechanism in Real-Time Operating Systems (RTOSs), much simpler and more vulnerable. In this paper, we take ARM Mbed uVisor as an example system, utilizing hypervisor-based task sandboxing mechanisms, and presents three new findings: First, we discover vulnerabilities against Mbed task sandboxing, which can be exploited to compromise system-maintained data structure to manipulate any tasks’ data. Second, we present LIPS (Lightweight Intra-Mode Privilege Separation), building a special protection domain to isolate particular system-maintained data structures. Finally, thorough evaluation and experimental tests show the efficiency of LIPS to defeat these attacks, with small runtime overheads and good portability.

UR - http://www.scopus.com/inward/record.url?scp=85104121036&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85104121036&partnerID=8YFLogxK

U2 - 10.1016/j.sysarc.2021.102114

DO - 10.1016/j.sysarc.2021.102114

M3 - Article

AN - SCOPUS:85104121036

SN - 1383-7621

VL - 116

JO - Journal of Systems Architecture

JF - Journal of Systems Architecture

M1 - 102114

ER -

Commercial hypervisor-based task sandboxing mechanisms are unsecured? But we can fix it!

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this