{"title":"OS-level Software & Hardware Attacks and Defenses","authors":"David Gens","doi":"10.1145/3212711.3212715","DOIUrl":null,"url":null,"abstract":"Computing platforms are an integral part of today's society: our transportation, media, financial markets, and even our elections already depend on these systems. Consequently, computing platforms are also highly diverse, ranging from embedded devices in planes and cars, to smartphones, laptops, desktop computers, and powerful servers running the cloud. The Operating System (OS) manages this hardware and provides abstractions for applications running as user-space programs. The OS usually runs with elevated privileges to protect the platform and other applications from malicious users by enforcing a strict isolation between individual processes. However, all major Operating Systems are written in low-level languages, which provide no guarantees in the presence of bugs. Additionally, hardware implementation flaws enable sophisticated adversaries to exploit the system at run time without requiring memory-corruption vulnerabilities in the system's software. In this thesis, we evaluate the real-world threat of run-time attacks against Operating Systems despite existing defenses such as Control-Flow Integrity (CFI) being deployed and active. In particular, we show that data-only attacks completely bypass all existing defenses in the kernel. Additionally, Rowhammer-based attacks allow sophisticated adversaries to compromise the OS without requiring any vulnerability in software. We develop novel design strategies for defending the OS against strong user-space attackers and demonstrate feasibility through our prototypes for real-world kernels.","PeriodicalId":376336,"journal":{"name":"Proceedings of the 2018 Workshop on MobiSys 2018 Ph.D. 
Forum","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2018 Workshop on MobiSys 2018 Ph.D. Forum","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3212711.3212715","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 1