TY - GEN
T1 - ICruiser
T2 - 2nd IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2016
AU - Li, Wang
AU - Wu, Dinghao
AU - Liu, Peng
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/9/21
Y1 - 2016/9/21
N2 - Link-based data structures, like linked lists and binary trees, play an important role in organizing and maintaining kernel objects. Attackers have a strong motivation to tamper them for various malicious purposes. Although a lot of techniques have been proposed to protect kernel objects from unauthorized modifications, existing methods can hardly be applied to most kernel data structures. In this paper, we design iCruiser, a novel protection mechanism to universally secure the protected data fields in link-based data structures within kernel. iCruiser introduces a secure canary to guard the protected data fields, and it employs a stream cipher to prevent attackers from compromising the canary field. Without the seed key of the stream cipher, attackers can hardly conduct unauthorized modifications to the protected fields without being detected. Furthermore, to monitor the protection status of iCruiser, we employ the execution trace recording technologies to record the execution of iCruiser, which ensures that any attack attempt happening on iCruiser will be traceable and auditable. Through iCruiser, we can easily narrow down the attacking vectors of link-based kernel data structures for attackers. To show the effectiveness, we applied our design on some critical doubly linked lists in Linux kernel and analyzed the performance overhead at the instruction level.
AB - Link-based data structures, like linked lists and binary trees, play an important role in organizing and maintaining kernel objects. Attackers have a strong motivation to tamper them for various malicious purposes. Although a lot of techniques have been proposed to protect kernel objects from unauthorized modifications, existing methods can hardly be applied to most kernel data structures. In this paper, we design iCruiser, a novel protection mechanism to universally secure the protected data fields in link-based data structures within kernel. iCruiser introduces a secure canary to guard the protected data fields, and it employs a stream cipher to prevent attackers from compromising the canary field. Without the seed key of the stream cipher, attackers can hardly conduct unauthorized modifications to the protected fields without being detected. Furthermore, to monitor the protection status of iCruiser, we employ the execution trace recording technologies to record the execution of iCruiser, which ensures that any attack attempt happening on iCruiser will be traceable and auditable. Through iCruiser, we can easily narrow down the attacking vectors of link-based kernel data structures for attackers. To show the effectiveness, we applied our design on some critical doubly linked lists in Linux kernel and analyzed the performance overhead at the instruction level.
UR - http://www.scopus.com/inward/record.url?scp=84991764333&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84991764333&partnerID=8YFLogxK
U2 - 10.1109/QRS-C.2016.9
DO - 10.1109/QRS-C.2016.9
M3 - Conference contribution
AN - SCOPUS:84991764333
T3 - Proceedings - 2016 IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2016
SP - 31
EP - 38
BT - Proceedings - 2016 IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2016
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 1 August 2016 through 3 August 2016
ER -