kMVX: Detecting Kernel Information Leaks with Multi-variant Execution

Sebastian Österlund, Koen Koning, Pierre Olivier, Antonio Barbalace, Herbert Bos, Cristiano Giuffrida

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

Kernel information leak vulnerabilities are a major security threat to production systems. Attackers can exploit them to leak confidential information such as cryptographic keysor kernel pointers. Despite efforts by kernel developers and researchers, existing defenses for kernels such as Linux are limited in scope or incur a prohibitive performance overhead. In this paper, we present kMVX, a comprehensive defense against information leak vulnerabilities in the kernel by running multiple diversified kernel variants simultaneously on the same machine. By constructing these variants in a careful manner, we can ensure they only show divergences when an attacker tries to exploit bugs present in the kernel. By detecting these divergences we can prevent kernel information leaks. Our kMVX design is inspired by multi-variant execution (MVX). Traditional MVX designs cannot be applied to kernels because of their assumptions on the run-time environment. kMVX, on the other hand, can be applied even to commodity kernels. We show our Linux-based prototype provides powerful protection against information leaks at acceptable performance overhead (20–50% in the worst case for popular server applications).
Original languageEnglish
Title of host publicationProceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems
Place of PublicationNew York, NY, USA
PublisherAssociation for Computing Machinery (ACM)
Pages559-572
Number of pages14
ISBN (Print)978-1-4503-6240-5
DOIs
Publication statusPublished - 4 Apr 2019
Event24th ACM International Conference on Architectural Support for Programming Languages and Operating Systems - Providence, United States
Duration: 13 Apr 201917 Apr 2019
https://asplos-conference.org/2019/index.html

Conference

Conference24th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
Abbreviated titleASPLOS 2019
Country/TerritoryUnited States
CityProvidence
Period13/04/1917/04/19
Internet address

Keywords / Materials (for Non-textual outputs)

  • Security and privacy
  • Operating systems security
  • Software and its engineering
  • Operating systems
  • security
  • information leaks
  • multi-variant exection

Fingerprint

Dive into the research topics of 'kMVX: Detecting Kernel Information Leaks with Multi-variant Execution'. Together they form a unique fingerprint.

Cite this