SFP: Providing System Call Flow Protection against Software and Fault Attacks

01/07/2023
by   Robert Schilling, et al.
0

With the improvements in computing technologies, edge devices in the Internet-of-Things have become more complex. The enabler technology for these complex systems are powerful application core processors with operating system support, such as Linux. While the isolation of applications through the operating system increases the security, the interface to the kernel poses a new threat. Different attack vectors, including fault attacks and memory vulnerabilities, exploit the kernel interface to escalate privileges and take over the system. In this work, we present SFP, a mechanism to protect the execution of system calls against software and fault attacks providing integrity to user-kernel transitions. SFP provides system call flow integrity by a two-step linking approach, which links the system call and its origin to the state of control-flow integrity. A second linking step within the kernel ensures that the right system call is executed in the kernel. Combining both linking steps ensures that only the correct system call is executed at the right location in the program and cannot be skipped. Furthermore, SFP provides dynamic CFI instrumentation and a new CFI checking policy at the edge of the kernel to verify the control-flow state of user programs before entering the kernel. We integrated SFP into FIPAC, a CFI protection scheme exploiting ARM pointer authentication. Our prototype is based on a custom LLVM-based toolchain with an instrumented runtime library combined with a custom Linux kernel to protect system calls. The evaluation of micro- and macrobenchmarks based on SPEC 2017 show an average runtime overhead of 1.9 of 1.8 performance shows the efficiency of SFP for protecting all system calls and providing integrity for the user-kernel transitions.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
04/30/2021

FIPAC: Thwarting Fault- and Software-Induced Control-Flow Attacks with ARM Pointer Authentication

With the improvements of computing technology, more and more application...
research
02/28/2022

SFIP: Coarse-Grained Syscall-Flow-Integrity Protection in Modern Systems

Growing code bases of modern applications have led to a steady increase ...
research
12/23/2019

ARM Pointer Authentication based Forward-Edge and Backward-Edge Control Flow Integrity for Kernels

Code reuse attacks are still big threats to software and system security...
research
04/19/2020

ferify: A Virtual Machine File Protection System against Zero-Day Attacks

Most existing solutions for protecting VMs assume known attack patterns ...
research
05/15/2023

BRF: eBPF Runtime Fuzzer

The eBPF technology in the Linux kernel has been widely adopted for diff...
research
01/31/2022

AnyCall: Fast and Flexible System-Call Aggregation

Operating systems rely on system calls to allow the controlled communica...
research
12/14/2021

In-Kernel Control-Flow Integrity on Commodity OSes using ARM Pointer Authentication

This paper presents an in-kernel, hardware-based control-flow integrity ...

Please sign up or login with your details

Forgot password? Click here to reset