Title: Mitigation of privilege escalation attack using kernel data relocation mechanism
Authors: Hiroki Kuzuno, Toshihiro Yamauchi
DOI: 10.1007/s10207-024-00890-4 (https://doi.org/10.1007/s10207-024-00890-4)
Journal: International Journal of Information Security (Journal Article, published 2024-07-25)
Source platform: Semanticscholar
Citations: 0

Abstract
Kernel memory corruption that leads to a privilege escalation attack has been reported as a security threat to operating systems. Several security mechanisms have been proposed to mitigate privilege escalation attacks. Kernel address space layout randomization randomizes the virtual address layout of kernel code and data in kernel memory. Privileged information protection methods monitor for illegal privilege modifications and restore the original values. However, if an adversary identifies the kernel data containing privileged information, the adversary can still achieve privilege escalation in a running kernel. This paper proposes a kernel data relocation mechanism (KDRM) that dynamically relocates privileged information in the running kernel to mitigate privilege escalation attacks. The KDRM introduces relocation-only pages into the kernel. A relocation-only page allows the virtual address of the privileged information to change, because the information is dynamically relocated for the user process. At each system call invocation, one of the relocation-only pages is randomly selected to store the privileged information. The evaluation results indicate that KDRM can mitigate privilege escalation attacks that overwrite kernel memory directly from user processes on Linux. The KDRM showed an acceptable performance cost: the overhead of a system call was up to 11.52%, and the change in the kernel performance score was 0.11%.
Journal description:
The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation.
Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.