Abstract
Kernel security underpins the normal operation of applications, yet kernel faults are still discovered periodically, and most of them stem from problematic device drivers brought into the kernel by the module-loading mechanism. Building on the LLVM compiler infrastructure, this paper proposes FPSFI, a runtime isolation mechanism for driver faults. It decomposes driver fault isolation into three modules: registration of sensitive functions, location of driver faults, and instrumentation of checking functions. FPSFI effectively blocks common driver faults such as illegal privilege escalation caused by the lack of kernel API integrity and multiple frees of the same memory region. Compared with earlier approaches, FPSFI performs fault analysis and location in the compiler backend, which reduces the effort of adding detection code by hand, and the checking functions are implemented and compiled separately, which lowers the isolation mechanism's dependence on kernel interfaces. Tests on Linux show that FPSFI effectively blocks two typical classes of driver faults; the time overhead introduced by the changes to the backend compiler is 18.7%; and stress tests of the network module show that FPSFI does not significantly affect CPU utilization or TCP throughput, while UDP throughput drops by 17%.
The security of many applications relies on the kernel being secure, but history suggests that kernel vulnerabilities are routinely discovered and exploited. In particular, exploitable vulnerabilities in kernel modules are common. This paper proposes FPSFI, a system based on the LLVM compiler infrastructure, which isolates kernel modules from the core kernel so that vulnerabilities in kernel modules cannot lead to a privilege escalation attack. To reduce the dependency between the system implementation and the kernel interface, FPSFI decomposes the empirical isolation work into three sub-systems: the FPSFI backend analyzer, which instruments checking functions, and the sensitive-function and checking-function sets, which manage operations on the two types of functions respectively. An evaluation with Linux shows that the workloads required on kernel functions to support a new module are moderate, and that FPSFI is able to prevent two known privilege-escalation vulnerabilities. Stress tests of a network driver module also show that isolating this module using FPSFI does not hurt TCP throughput or CPU utilization but reduces UDP throughput by 17%.
Source
《小型微型计算机系统》
CSCD
Peking University Core Journal
2013, Issue 10, pp. 2246-2250 (5 pages)
Journal of Chinese Computer Systems
Funding
Supported by the National High-Tech R&D Program of China ("863" Program) project (2011AAO1A203)
Keywords
operating system
security
drivers
software fault isolation (SFI)