Memory Safety for Low-Level Software/Hardware Interactions
Abstract:
Systems that enforce memory safety for today's operating system kernels and other system software do not account for the behavior of low-level software/hardware interactions such as memory-mapped I/O, MMU configuration, and context switching. Bugs in such low-level interactions can violate the memory safety guarantees provided by a safe execution environment and lead to exploitable vulnerabilities in system software. In this work, we present a set of program analysis and run-time instrumentation techniques that ensure that errors in these low-level operations do not violate the assumptions made by a safety checking system. Our design introduces a small set of abstractions and interfaces for manipulating processor state, kernel stacks, memory-mapped I/O objects, MMU mappings, and self-modifying code to achieve this goal, without moving resource allocation and management decisions out of the kernel.

We have added these techniques to a compiler-based virtual machine called Secure Virtual Architecture (SVA), to which the standard Linux kernel has been ported previously. Our design changes to SVA required changing only an additional 100 lines of code in this kernel. Our experimental results show that our techniques prevent reported memory safety violations due to low-level Linux operations and that these violations are not prevented by SVA without our techniques. Moreover, the new techniques in this paper introduce very little overhead over and above the existing overheads of SVA. Taken together, these results indicate that it is clearly worthwhile to add these techniques to an existing memory safety system.
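As an added illustration (constructed for this page, not code from the paper or from SVA), the following C model shows the kind of check the abstract describes for MMU mappings and memory-mapped I/O objects: an unchecked page-table update can alias a page the safety runtime depends on (its own page table or the kernel code) at a writable virtual address, which would let an ordinary store rewrite that page behind the checker's back, while a checked update interface refuses such a mapping; MMIO register windows are registered as bounded objects so accesses to them can be bounds-checked like any other memory object. All names (mmu_update_mapping_checked, mmio_access_ok, the page numbers and the device window) are assumptions of this toy model, not SVA's interfaces.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy model (not SVA's code): 4 KiB pages, 16 physical pages,
 * a one-level page table of 16 entries, and a set of "protected" physical
 * pages that a memory-safety runtime relies on (its page table and the
 * kernel code). Function names are hypothetical. */
#define PAGE_SIZE     4096u
#define NUM_PAGES     16u
#define PTE_PRESENT   0x1u
#define PTE_WRITE     0x2u
#define PTE_PFN_SHIFT 12

typedef uint32_t pte_t;

static pte_t page_table[NUM_PAGES];     /* virtual page number -> PTE */
static bool  protected_pfn[NUM_PAGES];  /* pages the checker must keep read-only */

/* Physical pages the safety runtime depends on: the page table itself (pfn 0)
 * and the kernel text (pfn 1). Assumed layout; a real system gets this from
 * the loader. */
static void protect_runtime_pages(void) {
    memset(protected_pfn, 0, sizeof protected_pfn);
    protected_pfn[0] = true;  /* page-table page  */
    protected_pfn[1] = true;  /* kernel code page */
}

/* Unchecked update, the way a kernel normally writes a PTE: any mapping goes. */
static int mmu_update_mapping_unchecked(unsigned vpn, unsigned pfn, uint32_t flags) {
    if (vpn >= NUM_PAGES || pfn >= NUM_PAGES) return -1;
    page_table[vpn] = (pte_t)((pfn << PTE_PFN_SHIFT) | flags | PTE_PRESENT);
    return 0;
}

/* Checked update: refuse a writable mapping of any page the safety runtime
 * relies on, because such an alias would let ordinary stores rewrite the
 * page table or kernel code without the checker ever seeing a violation. */
static int mmu_update_mapping_checked(unsigned vpn, unsigned pfn, uint32_t flags) {
    if (vpn >= NUM_PAGES || pfn >= NUM_PAGES) return -1;      /* malformed request */
    if ((flags & PTE_WRITE) && protected_pfn[pfn]) return -2;  /* policy violation */
    page_table[vpn] = (pte_t)((pfn << PTE_PFN_SHIFT) | flags | PTE_PRESENT);
    return 0;
}

static bool vpn_is_writable(unsigned vpn) {
    return vpn < NUM_PAGES &&
           (page_table[vpn] & PTE_PRESENT) && (page_table[vpn] & PTE_WRITE);
}

/* Memory-mapped I/O object: a device register window registered with its
 * bounds so the runtime can bounds-check every access to it. */
typedef struct { uintptr_t base; size_t len; } mmio_object_t;

/* True when [addr, addr + width) lies entirely inside the object;
 * written to avoid overflow in the arithmetic. */
static bool mmio_access_ok(const mmio_object_t *obj, uintptr_t addr, size_t width) {
    return addr >= obj->base && width <= obj->len &&
           addr - obj->base <= obj->len - width;
}

/* Scenario: map the page-table page writable at vpn 5 through each interface. */
static int demo_unchecked_alias(void) {
    protect_runtime_pages();
    memset(page_table, 0, sizeof page_table);
    mmu_update_mapping_unchecked(5, 0, PTE_WRITE);
    return vpn_is_writable(5) ? 1 : 0;  /* 1: writable alias of the page table exists */
}

static int demo_checked_alias(void) {
    protect_runtime_pages();
    memset(page_table, 0, sizeof page_table);
    int rc = mmu_update_mapping_checked(5, 0, PTE_WRITE);
    return (rc == -2 && !vpn_is_writable(5)) ? 0 : 1;  /* 0: mapping rejected */
}

int main(void) {
    printf("unchecked: writable alias of page table created: %d\n", demo_unchecked_alias());
    printf("checked:   mapping rejected: %d\n", demo_checked_alias() == 0);
    mmio_object_t uart = { 0x1000, 256 };  /* constructed device window */
    printf("mmio in-bounds: %d, out-of-bounds: %d\n",
           mmio_access_ok(&uart, 0x10FC, 4), mmio_access_ok(&uart, 0x10FD, 4));
    return 0;
}
```

The two demo functions isolate the single difference the abstract is about: the page-table write itself is identical, but the checked interface consults the runtime's notion of which physical pages it depends on before committing the mapping. A read-only mapping of those same pages (flags without PTE_WRITE) is still allowed, since it cannot be used to alter them.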
Availability:
This paper will be published in the Proceedings of the
Eighteenth USENIX Security Symposium.
BibTeX Entry:
@inproceedings{SVAOS:UsenixSec09,
author = {John Criswell and Nicolas Geoffray and Vikram Adve},
title = {Memory Safety for Low-Level Software/Hardware Interactions},
booktitle = {Proceedings of the Eighteenth USENIX Security Symposium},
month = {August},
year = {2009},
location = {Montreal, Canada},
}