The Nested Kernel Architecture
Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation
Key Takeaways
Outer Kernel
Nested Kernel
Privilege Separation
MMU Isolation and Write-Protection Services
Services
Monolithic Applicability
Reliability
Simple malware is extremely powerful:
Confidentiality or Integrity Violation
Code Injection
NOOP
Violates the integrity of audit recording
System Call Hooking
Problem: A complete lack of memory isolation
Drivers
1) What's the problem?
Monolithic Operating System Architecture
File System
CPU Virtualization
Networking
Virtual Memory
Observation: if we can restrict access to the page tables, then we can enable memory isolation
Page Tables in Typical Systems
Memory
CPU
Enforcement Bits
2) Nested Kernel Approach
Enforcing Privilege Separation on x86-64
The nested kernel interposes on all modifications of the MMU
Nested Kernel key assumption: can enforce read-only on supervisor code
Initialize read-only
Virtual Privilege Switch
Exit Gate
1. Switch to outer kernel stack
2. Enable write-protection enforcement
3. Enable interrupts
Outer Kernel
Nested Kernel
nk_update_pte(mapping,pte)
Entry Gate
1. Disable interrupts
2. Disable write-protection enforcement
3. Switch to nested kernel stack
The nested kernel isolates the MMU and provides lifetime kernel code integrity
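The entry gate, nk_update_pte and exit gate sequence above, as an added user-space model in C (not code from the presentation or from PerspicuOS). CR0.WP, the interrupt flag and the stack are plain variables here, and the slot/frame layout, the integer mapping index and the policy check are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* User-space model (constructed): variables stand in for CPU and MMU state. */
#define PTE_WRITABLE 0x2ULL                           /* x86-64 PTE R/W bit */
#define PTE_FRAME(p) (((p) >> 12) & 0xFFFFFFFFFFULL)  /* physical frame number */
#define NSLOTS 4                                      /* PTE slots and frames in the model */

static bool cr0_wp = true;           /* CR0.WP: supervisor writes honour read-only */
static bool irq_enabled = true;      /* RFLAGS.IF */
static int cur_stack = 0;            /* 0 = outer kernel stack, 1 = nested kernel stack */
static uint64_t page_table[NSLOTS];  /* page-table page, mapped read-only */
static const bool frame_is_pt[NSLOTS] = { false, false, true, false }; /* frame 2 holds page tables */

/* A supervisor store to the read-only page-table page: it faults while WP is set. */
static bool supervisor_store(size_t idx, uint64_t pte) {
    if (cr0_wp) return false;
    page_table[idx] = pte;
    return true;
}

static void entry_gate(void) {       /* step order as listed above */
    irq_enabled = false;             /* 1. disable interrupts */
    cr0_wp = false;                  /* 2. disable write-protection enforcement */
    cur_stack = 1;                   /* 3. switch to nested kernel stack */
}

static void exit_gate(void) {
    cur_stack = 0;                   /* 1. switch to outer kernel stack */
    cr0_wp = true;                   /* 2. enable write-protection enforcement */
    irq_enabled = true;              /* 3. enable interrupts */
}

/* Assumed policy: never install a writable mapping of a frame that holds page tables. */
int nk_update_pte(size_t mapping, uint64_t pte) {
    int rc = -1;
    entry_gate();
    if (mapping < NSLOTS && PTE_FRAME(pte) < NSLOTS &&
        !((pte & PTE_WRITABLE) && frame_is_pt[PTE_FRAME(pte)]))
        rc = supervisor_store(mapping, pte) ? 0 : -1;
    exit_gate();
    return rc;
}

/* The outer kernel writing a PTE directly, without going through the gates. */
int outer_direct_write(size_t mapping, uint64_t pte) {
    return supervisor_store(mapping, pte) ? 0 : -1;
}
```

The direct write fails because WP is set whenever the outer kernel runs; the mediated write succeeds only when the policy check passes, and the exit gate restores WP before control returns.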
Nested Kernel Services
3) Intra-Kernel Isolation
How Practical is the Nested Kernel
Kernel Reorganization
~1900 LOC Modified
52 Files
~100 Deleted
SMP support needed
Trusted Computing Base
TCB for Nested Kernel and MMU Isolation
Nested Kernel Lines of Code
∼4000 C
SLOCCOUNT
∼800 Assembly
248 Python Scanner
MMU TCB PerspicuOS / FreeBSD 9.0: 0.45%
2 writes to cr0
40 implicit instructions
38 wrmsr
4) Evaluation
Microbenchmarks
Macrobenchmark
Apache HTTPD
13.1%
Each connection forks a new process and mmaps data
Directions for the Nested Kernel
5) Future Work
mov cr3, val
nk_wr_cr3(val)
mov cr0, val
nk_wr_cr0(val)
Access to Page Tables is configured read-only
Nested Kernel
Outer Kernel
Static Code Privilege Separation
Read-only permissions enforced while the outer kernel executes
Root PTR
Write-Logging
Write Mediation
Super-Duper-Ooper-Schmooper Big Idea:
Isolate the MMU using the MMU
Access Control Policy
Nested Kernel
Outer Kernel
Translation