Toward Linux kernel memory safety

Research output: Contribution to journal / Article / Scientific / peer-review

Standard

Toward Linux kernel memory safety. / Reshetova, Elena; Liljestrand, Hans; Paverd, Andrew; Asokan, N.

In: Software: Practice and Experience, Vol. 48, No. 12, 19.09.2018, p. 2237-2256.


Author

Reshetova, Elena ; Liljestrand, Hans ; Paverd, Andrew ; Asokan, N. / Toward Linux kernel memory safety. In: Software: Practice and Experience. 2018 ; Vol. 48, No. 12. pp. 2237-2256.

BibTeX

@article{ad5b82c32a104611b8f264df081e89eb,
title = "Toward Linux kernel memory safety",
abstract = "The security of billions of devices worldwide depends on the security and robustness of the mainline Linux kernel. However, the increasing number of kernel-specific vulnerabilities, especially memory safety vulnerabilities, shows that the kernel is a popular and practically exploitable target. Two major causes of memory safety vulnerabilities are reference counter overflows (temporal memory errors) and lack of pointer bounds checking (spatial memory errors). To succeed in practice, security mechanisms for critical systems like the Linux kernel must also consider performance and deployability as critical design objectives. We present and systematically analyze two such mechanisms for improving memory safety in the Linux kernel, i.e., (1) an overflow-resistant reference counter data structure designed to securely accommodate typical reference counter usage in kernel source code and (2) runtime pointer bounds checking using Intel memory protection extension in the kernel. We have implemented both mechanisms and we analyze their security, performance, and deployability. We also reflect on our experience of engaging with Linux kernel developers and successfully integrating the new reference counter data structure into the mainline Linux kernel.",
author = "Elena Reshetova and Hans Liljestrand and Andrew Paverd and N. Asokan",
year = "2018",
month = "9",
day = "19",
doi = "10.1002/spe.2638",
language = "English",
volume = "48",
pages = "2237--2256",
journal = "SOFTWARE-PRACTICE AND EXPERIENCE",
issn = "0038-0644",
publisher = "John Wiley and Sons Ltd",
number = "12",
}

RIS

TY  - JOUR
T1  - Toward Linux kernel memory safety
AU  - Reshetova, Elena
AU  - Liljestrand, Hans
AU  - Paverd, Andrew
AU  - Asokan, N.
PY  - 2018/9/19
Y1  - 2018/9/19
N2  - The security of billions of devices worldwide depends on the security and robustness of the mainline Linux kernel. However, the increasing number of kernel-specific vulnerabilities, especially memory safety vulnerabilities, shows that the kernel is a popular and practically exploitable target. Two major causes of memory safety vulnerabilities are reference counter overflows (temporal memory errors) and lack of pointer bounds checking (spatial memory errors). To succeed in practice, security mechanisms for critical systems like the Linux kernel must also consider performance and deployability as critical design objectives. We present and systematically analyze two such mechanisms for improving memory safety in the Linux kernel, i.e., (1) an overflow-resistant reference counter data structure designed to securely accommodate typical reference counter usage in kernel source code and (2) runtime pointer bounds checking using Intel memory protection extension in the kernel. We have implemented both mechanisms and we analyze their security, performance, and deployability. We also reflect on our experience of engaging with Linux kernel developers and successfully integrating the new reference counter data structure into the mainline Linux kernel.
AB  - The security of billions of devices worldwide depends on the security and robustness of the mainline Linux kernel. However, the increasing number of kernel-specific vulnerabilities, especially memory safety vulnerabilities, shows that the kernel is a popular and practically exploitable target. Two major causes of memory safety vulnerabilities are reference counter overflows (temporal memory errors) and lack of pointer bounds checking (spatial memory errors). To succeed in practice, security mechanisms for critical systems like the Linux kernel must also consider performance and deployability as critical design objectives. We present and systematically analyze two such mechanisms for improving memory safety in the Linux kernel, i.e., (1) an overflow-resistant reference counter data structure designed to securely accommodate typical reference counter usage in kernel source code and (2) runtime pointer bounds checking using Intel memory protection extension in the kernel. We have implemented both mechanisms and we analyze their security, performance, and deployability. We also reflect on our experience of engaging with Linux kernel developers and successfully integrating the new reference counter data structure into the mainline Linux kernel.
U2  - 10.1002/spe.2638
DO  - 10.1002/spe.2638
M3  - Article
VL  - 48
SP  - 2237
EP  - 2256
JO  - SOFTWARE-PRACTICE AND EXPERIENCE
JF  - SOFTWARE-PRACTICE AND EXPERIENCE
SN  - 0038-0644
IS  - 12
ER  -