TY - GEN
T1 - SILVER
T2 - 16th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2013
AU - Xiong, Xi
AU - Liu, Peng
PY - 2013
Y1 - 2013
N2 - Untrusted kernel extensions remain one of the major threats to the security of commodity OS kernels. Current containment approaches still have limitations in terms of security, granularity and flexibility, primarily due to the absence of secure resource management and communication methods. This paper presents SILVER, a framework that offers transparent protection domain primitives to achieve fine-grained access control and secure communication between OS kernel and extensions. SILVER keeps track of security properties (e.g., owner principal and integrity level) of data objects in kernel space with a novel security-aware memory management scheme, which enables fine-grained access control in an effective manner. Moreover, SILVER introduces secure primitives for data communication between protection domains based on a unified integrity model. SILVER's protection domain primitives provide great flexibility by allowing developers to explicitly define security properties of individual program data, as well as control privilege delegation, data transfer and service exportation. We have implemented a prototype of SILVER in Linux. The evaluation results reveal that SILVER is effective against various kinds of kernel threats with a reasonable performance and resource overhead.
UR - http://www.scopus.com/inward/record.url?scp=84888375834&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84888375834&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-41284-4_6
DO - 10.1007/978-3-642-41284-4_6
M3 - Conference contribution
AN - SCOPUS:84888375834
SN - 9783642412837
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 103
EP - 122
BT - Research in Attacks, Intrusions, and Defenses - 16th International Symposium, RAID 2013, Proceedings
Y2 - 23 October 2013 through 25 October 2013
ER -