Abstract
The operating system kernel is the de facto trusted computing base for most computer systems. To secure the OS kernel, many security mechanisms, e.g., kASLR and StackGuard, have been increasingly deployed to defend against attacks (e.g., code reuse attacks). However, the effectiveness of these protections has been proven to be inadequate: there are many information leak vulnerabilities in the kernel that leak the randomized pointer or canary, thus bypassing kASLR and StackGuard. Other sensitive data in the kernel, such as cryptographic keys and file caches, can also be leaked. According to our study, most kernel information leaks are caused by uninitialized data reads. Unfortunately, existing techniques like memory safety enforcements and dynamic access tracking tools are not adequate or efficient enough to mitigate this threat. In this paper, we propose UniSan, a novel, compiler-based approach to eliminate all information leaks caused by uninitialized reads in the OS kernel. UniSan achieves this goal using byte-level, flow-sensitive, context-sensitive, and field-sensitive initialization analysis and reachability analysis to check whether an allocation has been fully initialized when it leaves kernel space; if not, it automatically instruments the kernel to initialize this allocation. UniSan's analyses are conservative to avoid false negatives and are robust by preserving the semantics of the OS kernel. We have implemented UniSan as passes in LLVM and applied it to the latest Linux kernel (x86-64) and Android kernel (AArch64). Our evaluation showed that UniSan can successfully prevent 43 known and many new uninitialized data leak vulnerabilities. Further, 19 new vulnerabilities in the latest kernels have been confirmed by Linux and Google. Our extensive performance evaluation with LMBench, ApacheBench, Android benchmarks, and the SPEC benchmarks also showed that UniSan imposes a negligible performance overhead.
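An added illustration (not from the paper or the UniSan code) of the leak pattern the abstract describes: a kernel-style object whose named fields are all set but whose alignment padding still carries stale allocator bytes when the whole object is copied out, beside the fully initialized form that UniSan's instrumentation produces. The struct layout, field values, the 0xAA stale marker, and the simulated allocator and copy-to-user routines are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed marker standing in for whatever was left in a heap chunk. */
#define STALE 0xAA

/* Kernel-style reply object; the ABI inserts alignment padding between and
 * after the named fields (exact layout is compiler-specific, so the counts
 * below are derived from sizeof rather than hard-coded). */
struct reply {
    uint8_t  type;
    uint64_t value;
    uint16_t len;
};

#define NAMED_BYTES (sizeof(uint8_t) + sizeof(uint64_t) + sizeof(uint16_t))

/* Simulated non-zeroing allocator: memory arrives full of stale data. */
static void sim_kmalloc(void *buf, size_t n) { memset(buf, STALE, n); }

/* Leaky pattern: only the named fields are written before copy-out. */
static void build_reply_leaky(struct reply *r) {
    sim_kmalloc(r, sizeof *r);
    r->type = 1; r->value = 0x1122334455667788ULL; r->len = 0x0102;
}

/* Hardened pattern, equivalent to the initialization UniSan instruments:
 * the whole allocation is initialized before the fields are set. */
static void build_reply_hardened(struct reply *r) {
    sim_kmalloc(r, sizeof *r);
    memset(r, 0, sizeof *r);
    r->type = 1; r->value = 0x1122334455667788ULL; r->len = 0x0102;
}

/* Stand-in for copy_to_user(): count bytes that still carry stale data. */
static size_t stale_bytes_reaching_user(const struct reply *r) {
    const unsigned char *p = (const unsigned char *)r;
    size_t n = 0;
    for (size_t i = 0; i < sizeof *r; i++) if (p[i] == STALE) n++;
    return n;
}

size_t padding_bytes(void) { return sizeof(struct reply) - NAMED_BYTES; }
size_t leaked_bytes_leaky(void) { struct reply r; build_reply_leaky(&r); return stale_bytes_reaching_user(&r); }
size_t leaked_bytes_hardened(void) { struct reply r; build_reply_hardened(&r); return stale_bytes_reaching_user(&r); }

int main(void) {
    printf("padding: %zu, leaked (leaky): %zu, leaked (hardened): %zu\n",
           padding_bytes(), leaked_bytes_leaky(), leaked_bytes_hardened());
    return 0;
}
```

Every padding byte of the leaky object reaches user space unchanged, which is the byte-level gap UniSan's initialization analysis is designed to find and close.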
Field | Value
---|---
Original language | English (US)
Title of host publication | CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
Publisher | Association for Computing Machinery
Pages | 920-932
Number of pages | 13
ISBN (Electronic) | 9781450341394
DOIs |
State | Published - Oct 24 2016
Event | 23rd ACM Conference on Computer and Communications Security, CCS 2016 - Vienna, Austria; duration: Oct 24 2016 → Oct 28 2016
Publication series
Field | Value
---|---
Name | Proceedings of the ACM Conference on Computer and Communications Security
Volume | 24-28-October-2016
ISSN (Print) | 1543-7221
Other
Field | Value
---|---
Other | 23rd ACM Conference on Computer and Communications Security, CCS 2016
Country/Territory | Austria
City | Vienna
Period | 10/24/16 → 10/28/16
Bibliographical note
Publisher Copyright: © 2016 ACM.
Keywords
- Initialization analysis
- Kernel information leak
- Memory initialization
- Reachability analysis
- Uninitialized read