Compartmentalizing Vulnerable Kernel Components Without Stopping the Machine - Qinrun Dai
Compartmentalizing Vulnerable Kernel Components Without Stopping the Machine - Qinrun Dai, University of Colorado - Boulder
Device drivers are relatively low-quality yet take 70% of the kernel codebase. Thus, attackers can exploit vulnerabilities in them. While compartmentalizing vulnerable drivers can enhance security, existing methods are limited, preventing them from being widely deployed: rebooting the system is necessary which inevitably interrupts services. Syzkaller’s data indicates that avg. 7.62 unique kernel panics are reported per day. It means the machine would need multiple reboots in one day to enforce compartmentalization, which is unacceptable. In this talk, we will explore the potential of on-the-fly enforcement, the main challenge of which lies in handling transition hazards - pre-existing objects are untracked and can be misused. We will demo this attack by exploiting CVE-2022-0995, followed by O2C which aims to mitigate transition hazards. O2C has two key technical innovations: 1. software-based compartmentalization using eBPF. 2. embedding an ML model into the kernel, which lacks floating point support. O2C shows negligible overhead and excellent scalability. Detailed measurement results will be presented in the talk and the code is available at https://github.com/a8stract-lab/o2c.
Additional contributors - Tiejin Chen & Hua Wei, Arizona State University and Zicheng Wang, Nanjing University
Device drivers are relatively low-quality yet take 70% of the kernel codebase. Thus, attackers can exploit vulnerabilities in them. While compartmentalizing vulnerable drivers can enhance security, existing methods are limited, preventing them from being widely deployed: rebooting the system is necessary which inevitably interrupts services. Syzkaller’s data indicates that avg. 7.62 unique kernel panics are reported per day. It means the machine would need multiple reboots in one day to enforce compartmentalization, which is unacceptable. In this talk, we will explore the potential of on-the-fly enforcement, the main challenge of which lies in handling transition hazards - pre-existing objects are untracked and can be misused. We will demo this attack by exploiting CVE-2022-0995, followed by O2C which aims to mitigate transition hazards. O2C has two key technical innovations: 1. software-based compartmentalization using eBPF. 2. embedding an ML model into the kernel, which lacks floating point support. O2C shows negligible overhead and excellent scalability. Detailed measurement results will be presented in the talk and the code is available at https://github.com/a8stract-lab/o2c.
Additional contributors - Tiejin Chen & Hua Wei, Arizona State University and Zicheng Wang, Nanjing University
The Linux Foundation
The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux and collaborative software development. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the L...