SelMon

Jinsoo Jang, Brent Byunghoon Kang
{"title":"SelMon","authors":"Jinsoo Jang, Brent Byunghoon Kang","doi":"10.1145/3386901.3389023","DOIUrl":null,"url":null,"abstract":"Higher privileged trust anchors such as thin hypervisors and Trust-Zone have been adopted to protect mobile OSs. For instance, the Samsung Knox security platform implements a kernel integrity monitor based on a hardware-assisted virtualization technique for 64-bit devices. Although it protects the OS kernel integrity, the monitoring platform itself can be a target of attackers if it encompasses exploitable bugs. In this paper, we propose SelMon, a portable way of self-protecting kernel integrity monitors without introducing another higher privileged trust anchor. To this end, we first logically separate the regions of the integrity monitor into two parts: privileged and non-privileged regions. Then, we ensure that only the privileged region code can access the critical data objects that can be exploited to compromise the monitor integrity (e.g., the hypervisor page table). The non-critical operations in terms of preserving the monitor integrity are conducted in the non-privileged region. In addition to the privilege separation, we also illustrate how to utilize the general hardware features, watchpoint and data execution prevention (DEP), to ensure the robustness of the separation. In the evaluation, it was found that our approach imposes a negligible overhead of 2% in the worst case with SPEC CPU2006.","PeriodicalId":345029,"journal":{"name":"Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3386901.3389023","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6

Abstract

Higher privileged trust anchors such as thin hypervisors and Trust-Zone have been adopted to protect mobile OSs. For instance, the Samsung Knox security platform implements a kernel integrity monitor based on a hardware-assisted virtualization technique for 64-bit devices. Although it protects the OS kernel integrity, the monitoring platform itself can be a target of attackers if it encompasses exploitable bugs. In this paper, we propose SelMon, a portable way of self-protecting kernel integrity monitors without introducing another higher privileged trust anchor. To this end, we first logically separate the regions of the integrity monitor into two parts: privileged and non-privileged regions. Then, we ensure that only the privileged region code can access the critical data objects that can be exploited to compromise the monitor integrity (e.g., the hypervisor page table). The non-critical operations in terms of preserving the monitor integrity are conducted in the non-privileged region. In addition to the privilege separation, we also illustrate how to utilize the general hardware features, watchpoint and data execution prevention (DEP), to ensure the robustness of the separation. In the evaluation, it was found that our approach imposes a negligible overhead of 2% in the worst case with SPEC CPU2006.
SelMon
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信