Abstract
The Linux kernel has become widely adopted in mobile devices and cloud services; in parallel, its abuse and misuse by attackers and malicious users has grown. This has increased the attention paid to kernel security through the deployment of kernel protection mechanisms. Kernel-based attacks require reliability, and that reliability is achieved in the information-gathering stage, where the attacker gathers enough information about the target to succeed. The taxonomy of kernel vulnerabilities includes information leaks, a class of vulnerabilities that permit access to the kernel memory layout and contents. Information leaks can improve attack reliability by allowing the attacker to read sensitive kernel data in order to bypass kernel-based protections.
In this work, we aim at the detection of stack-based kernel information leaks to secure kernels. We analyse the problem of stack-based kernel infoleaks and then classify the causes of information disclosure vulnerabilities. Next, we propose an approach for detecting stack-based kernel infoleaks using static analysis techniques, and finally we evaluate our approach by applying it to the Linux kernel.
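The bug class the abstract describes, as an added userspace illustration (not code from the paper or from the Linux kernel): a structure is filled field by field on a reused stack frame and then copied out whole, so its padding bytes carry stale data. The struct reply layout, the 0xAA marker and all function names are assumptions made for the example; the final memcpy stands in for copy_to_user().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for leftover stack data */

/* Hypothetical reply structure: the compiler pads after type and after flags. */
struct reply {
    uint8_t  type;
    uint32_t id;
    uint16_t flags;
};

/* Write each field at its real offset and leave the padding untouched,
 * modelling member-by-member initialisation of a stack local. */
static void fill_fields(unsigned char *frame)
{
    uint8_t type = 1; uint32_t id = 0x01020304; uint16_t flags = 5;
    memcpy(frame + offsetof(struct reply, type), &type, sizeof type);
    memcpy(frame + offsetof(struct reply, id), &id, sizeof id);
    memcpy(frame + offsetof(struct reply, flags), &flags, sizeof flags);
}

/* Number of bytes in struct reply that belong to no field. */
size_t padding_bytes(void)
{
    return sizeof(struct reply)
         - (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint16_t));
}

/* Build the reply on a simulated reused frame, copy the whole object out,
 * and count how many stale bytes reached the "user" buffer. */
size_t leaked_bytes(int zero_first)
{
    unsigned char frame[sizeof(struct reply)], user[sizeof(struct reply)];
    size_t leaked = 0;
    memset(frame, STALE, sizeof frame);  /* frame still holds old contents */
    if (zero_first)
        memset(frame, 0, sizeof frame);  /* the fix: clear before filling */
    fill_fields(frame);
    memcpy(user, frame, sizeof frame);   /* stand-in for copy_to_user() */
    for (size_t i = 0; i < sizeof user; i++)
        leaked += (user[i] == STALE);
    return leaked;
}

int main(void)
{
    printf("padding=%zu leaked(unfixed)=%zu leaked(zeroed)=%zu\n",
           padding_bytes(), leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

Every padding byte leaks in the unfixed path, which is why zeroing the whole object before filling it is the usual remedy for this pattern.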
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Peiró, S., Muñoz, M., Masmano, M., Crespo, A. (2014). Detecting Stack Based Kernel Information Leaks. In: de la Puerta, J., et al. International Joint Conference SOCO’14-CISIS’14-ICEUTE’14. Advances in Intelligent Systems and Computing, vol 299. Springer, Cham. https://doi.org/10.1007/978-3-319-07995-0_32
DOI: https://doi.org/10.1007/978-3-319-07995-0_32
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07994-3
Online ISBN: 978-3-319-07995-0
eBook Packages: Engineering, Engineering (R0)