ICruiser: Protecting Kernel Link-Based Data Structures with Secure Canary

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Link-based data structures, like linked lists and binary trees, play an important role in organizing and maintaining kernel objects. Attackers have a strong motivation to tamper them for various malicious purposes. Although a lot of techniques have been proposed to protect kernel objects from unauthorized modifications, existing methods can hardly be applied to most kernel data structures. In this paper, we design iCruiser, a novel protection mechanism to universally secure the protected data fields in link-based data structures within kernel. iCruiser introduces a secure canary to guard the protected data fields, and it employs a stream cipher to prevent attackers from compromising the canary field. Without the seed key of the stream cipher, attackers can hardly conduct unauthorized modifications to the protected fields without being detected. Furthermore, to monitor the protection status of iCruiser, we employ the execution trace recording technologies to record the execution of iCruiser, which ensures that any attack attempt happening on iCruiser will be traceable and auditable. Through iCruiser, we can easily narrow down the attacking vectors of link-based kernel data structures for attackers. To show the effectiveness, we applied our design on some critical doubly linked lists in Linux kernel and analyzed the performance overhead at the instruction level.

Original languageEnglish (US)
Title of host publicationProceedings - 2016 IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages31-38
Number of pages8
ISBN (Electronic)9781509037131
DOIs
StatePublished - Sep 21 2016
Event2nd IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2016 - Vienna, Austria
Duration: Aug 1 2016Aug 3 2016

Publication series

NameProceedings - 2016 IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2016

Other

Other2nd IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2016
CountryAustria
CityVienna
Period8/1/168/3/16

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'ICruiser: Protecting Kernel Link-Based Data Structures with Secure Canary'. Together they form a unique fingerprint.

  • Cite this

    Li, W., Wu, D., & Liu, P. (2016). ICruiser: Protecting Kernel Link-Based Data Structures with Secure Canary. In Proceedings - 2016 IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2016 (pp. 31-38). [7573721] (Proceedings - 2016 IEEE International Conference on Software Quality, Reliability and Security-Companion, QRS-C 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/QRS-C.2016.9