Hart: Hardware-assisted kernel module tracing on arm

Yunlan Du; Zhenyu Ning; Jun Xu; Zhilong Wang; Yueh Hsun Lin; Fengwei Zhang; Xinyu Xing; Bing Mao

doi:10.1007/978-3-030-58951-6_16

Hart: Hardware-assisted kernel module tracing on arm

Yunlan Du, Zhenyu Ning, Jun Xu, Zhilong Wang, Yueh Hsun Lin, Fengwei Zhang, Xinyu Xing, Bing Mao

College of Information Sciences and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Scopus citations

Abstract

While the usage of kernel modules has become more prevalent from mobile to IoT devices, it poses an increased threat to computer systems since the modules enjoy high privileges as the main kernel but lack the matching robustness and security. In this work, we propose HART, a modular and dynamic tracing framework enabled by the Embedded Trace Macrocell (ETM) debugging feature in Arm processors. Powered by even the minimum supports of ETM, HART can trace binary-only modules without any modification to the main kernel efficiently, and plug and play on any module at any time. Besides, HART provides convenient interfaces for users to further build tracing-based security solutions, such as the modular AddressSanitizer HASAN we demonstrated. Our evaluation shows that HART and HASAN incur the average overhead of 5% and 6% on 6 widely-used benchmarks, and HASAN detects all vulnerabilities in various types, proving their efficiency and effectiveness.

Original language	English (US)
Title of host publication	Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings
Editors	Liqun Chen, Steve Schneider, Ninghui Li, Kaitai Liang
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	316-337
Number of pages	22
ISBN (Print)	9783030589509
DOIs	https://doi.org/10.1007/978-3-030-58951-6_16
State	Published - 2020
Event	25th European Symposium on Research in Computer Security, ESORICS 2020 - Guildford, United Kingdom Duration: Sep 14 2020 → Sep 18 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12308 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	25th European Symposium on Research in Computer Security, ESORICS 2020
Country/Territory	United Kingdom
City	Guildford
Period	9/14/20 → 9/18/20

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-030-58951-6_16

Cite this

Du, Y., Ning, Z., Xu, J., Wang, Z., Lin, Y. H., Zhang, F., Xing, X., & Mao, B. (2020). Hart: Hardware-assisted kernel module tracing on arm. In L. Chen, S. Schneider, N. Li, & K. Liang (Eds.), Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings (pp. 316-337). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12308 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-58951-6_16

Du, Yunlan ; Ning, Zhenyu ; Xu, Jun et al. / Hart : Hardware-assisted kernel module tracing on arm. Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings. editor / Liqun Chen ; Steve Schneider ; Ninghui Li ; Kaitai Liang. Springer Science and Business Media Deutschland GmbH, 2020. pp. 316-337 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{83e60a5c60cd424e9df9cbd5c352e1d3,

title = "Hart: Hardware-assisted kernel module tracing on arm",

abstract = "While the usage of kernel modules has become more prevalent from mobile to IoT devices, it poses an increased threat to computer systems since the modules enjoy high privileges as the main kernel but lack the matching robustness and security. In this work, we propose HART, a modular and dynamic tracing framework enabled by the Embedded Trace Macrocell (ETM) debugging feature in Arm processors. Powered by even the minimum supports of ETM, HART can trace binary-only modules without any modification to the main kernel efficiently, and plug and play on any module at any time. Besides, HART provides convenient interfaces for users to further build tracing-based security solutions, such as the modular AddressSanitizer HASAN we demonstrated. Our evaluation shows that HART and HASAN incur the average overhead of 5% and 6% on 6 widely-used benchmarks, and HASAN detects all vulnerabilities in various types, proving their efficiency and effectiveness.",

author = "Yunlan Du and Zhenyu Ning and Jun Xu and Zhilong Wang and Lin, {Yueh Hsun} and Fengwei Zhang and Xinyu Xing and Bing Mao",

note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2020.; 25th European Symposium on Research in Computer Security, ESORICS 2020 ; Conference date: 14-09-2020 Through 18-09-2020",

year = "2020",

doi = "10.1007/978-3-030-58951-6_16",

language = "English (US)",

isbn = "9783030589509",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "316--337",

editor = "Liqun Chen and Steve Schneider and Ninghui Li and Kaitai Liang",

booktitle = "Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings",

address = "Germany",

}

Du, Y, Ning, Z, Xu, J, Wang, Z, Lin, YH, Zhang, F, Xing, X & Mao, B 2020, Hart: Hardware-assisted kernel module tracing on arm. in L Chen, S Schneider, N Li & K Liang (eds), Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12308 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 316-337, 25th European Symposium on Research in Computer Security, ESORICS 2020, Guildford, United Kingdom, 9/14/20. https://doi.org/10.1007/978-3-030-58951-6_16

Hart: Hardware-assisted kernel module tracing on arm. / Du, Yunlan; Ning, Zhenyu; Xu, Jun et al.
Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings. ed. / Liqun Chen; Steve Schneider; Ninghui Li; Kaitai Liang. Springer Science and Business Media Deutschland GmbH, 2020. p. 316-337 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12308 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Hart

T2 - 25th European Symposium on Research in Computer Security, ESORICS 2020

AU - Du, Yunlan

AU - Ning, Zhenyu

AU - Xu, Jun

AU - Wang, Zhilong

AU - Lin, Yueh Hsun

AU - Zhang, Fengwei

AU - Xing, Xinyu

AU - Mao, Bing

PY - 2020

Y1 - 2020

N2 - While the usage of kernel modules has become more prevalent from mobile to IoT devices, it poses an increased threat to computer systems since the modules enjoy high privileges as the main kernel but lack the matching robustness and security. In this work, we propose HART, a modular and dynamic tracing framework enabled by the Embedded Trace Macrocell (ETM) debugging feature in Arm processors. Powered by even the minimum supports of ETM, HART can trace binary-only modules without any modification to the main kernel efficiently, and plug and play on any module at any time. Besides, HART provides convenient interfaces for users to further build tracing-based security solutions, such as the modular AddressSanitizer HASAN we demonstrated. Our evaluation shows that HART and HASAN incur the average overhead of 5% and 6% on 6 widely-used benchmarks, and HASAN detects all vulnerabilities in various types, proving their efficiency and effectiveness.

AB - While the usage of kernel modules has become more prevalent from mobile to IoT devices, it poses an increased threat to computer systems since the modules enjoy high privileges as the main kernel but lack the matching robustness and security. In this work, we propose HART, a modular and dynamic tracing framework enabled by the Embedded Trace Macrocell (ETM) debugging feature in Arm processors. Powered by even the minimum supports of ETM, HART can trace binary-only modules without any modification to the main kernel efficiently, and plug and play on any module at any time. Besides, HART provides convenient interfaces for users to further build tracing-based security solutions, such as the modular AddressSanitizer HASAN we demonstrated. Our evaluation shows that HART and HASAN incur the average overhead of 5% and 6% on 6 widely-used benchmarks, and HASAN detects all vulnerabilities in various types, proving their efficiency and effectiveness.

UR - http://www.scopus.com/inward/record.url?scp=85091560404&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85091560404&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-58951-6_16

DO - 10.1007/978-3-030-58951-6_16

M3 - Conference contribution

AN - SCOPUS:85091560404

SN - 9783030589509

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 316

EP - 337

BT - Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings

A2 - Chen, Liqun

A2 - Schneider, Steve

A2 - Li, Ninghui

A2 - Liang, Kaitai

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 14 September 2020 through 18 September 2020

ER -

Du Y, Ning Z, Xu J, Wang Z, Lin YH, Zhang F et al. Hart: Hardware-assisted kernel module tracing on arm. In Chen L, Schneider S, Li N, Liang K, editors, Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings. Springer Science and Business Media Deutschland GmbH. 2020. p. 316-337. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-58951-6_16

Hart: Hardware-assisted kernel module tracing on arm

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this