a design for comprehensive kernel instrumentation
play

A Design for Comprehensive Kernel Instrumentation Peter Feiner - PowerPoint PPT Presentation

Jun 14, 2023 •398 likes •841 views

A Design for Comprehensive Kernel Instrumentation Peter Feiner Angela Demke Brown Ashvin Goel peter@cs.toronto.edu demke@cs.toronto.edu ashvin@eecg.toronto.edu University of Toronto 01 / 16 1 Motivation Transparent fault isolation for

  1. A Design for Comprehensive Kernel Instrumentation Peter Feiner Angela Demke Brown Ashvin Goel peter@cs.toronto.edu demke@cs.toronto.edu ashvin@eecg.toronto.edu University of Toronto 01 / 16 1

  2. Motivation Transparent fault isolation for device drivers ‣ Want to isolate existing driver binaries Inspired by Byte Granularity Isolation ‣ Requires source code Use Dynamic Binary Instrumentation (DBI) ‣ Does not require source code ‣ Inspect & modify instructions before they execute x86 Driver Kernel Code 01 / 16 2

  3. Motivation Transparent fault isolation for device drivers ‣ Want to isolate existing driver binaries Inspired by Byte Granularity Isolation ‣ Requires source code Use Dynamic Binary Instrumentation (DBI) ‣ Does not require source code ‣ Inspect & modify instructions before they execute Instrumented x86 Driver Kernel Driver Code 01 / 16 2

  4. Motivation Transparent fault isolation for device drivers ‣ Want to isolate existing driver binaries Inspired by Byte Granularity Isolation ‣ Requires source code Use Dynamic Binary Instrumentation (DBI) ‣ Does not require source code x86 Driver ‣ Inspect & modify instructions before they execute Code Instrumented x86 Driver Kernel DBI Driver Code 01 / 16 2

  5. Motivation DBI applied for debugging and security at the user level ‣ Memcheck - checks memory errors ‣ Program Shepherding - control flow integrity Various user-level DBI frameworks are available ‣ APIs for inspecting and modifying instructions ‣ e.g., Valgrind, DynamoRIO, Pin These frameworks don’t work in the kernel ‣ What would it take? 01 / 16 3

  6. The Key Difference User frameworks sit between applications and the OS s p ‣ p Interpose on system calls A ‣ Take advantage of OS services, e.g. I/O DBI OS Kernel frameworks need to sit between the OS & CPU CPU ‣ Isn’t that what hypervisors do? 01 / 16 4

  7. Our Approach We need to combine a DBI framework with a hypervisor Apps ‣ Choice 1: Port DBI to an existing hypervisor • Pros: both exist • Cons: both very complex S O ‣ Choice 2: Create a minimal hypervisor, similar to SecVisor’s approach Kernel DBI • Pros: easier to do • Pros: possibly higher performance CPU We designed a minimal hypervisor around a DBI framework ‣ Let’s see how DBI works & what it needs 01 / 16 5

  8. DBI Technique Copy basic blocks of x86 Start code into code cache before execution Dispatch x86 Code ‣ Code executed from cache ‣ Instrumentation added to copy ‣ Manipulate copies to return control to the dispatcher No Copy Block Cached? Yes Execute from Code Cache 01 / 16 6

  9. DBI Requirements Never execute machine’s original code ‣ Necessary for security applications Hide framework from instrumented code ‣ Instrumented code should observe un-instrumented machine state Dispatcher should use instrumented code with care ‣ Implementation cannot use non-reentrant instrumented code Detect changes to the original code ‣ Invalidate stale code in the cache Preserve multicore concurrency ‣ Essential for performance and accuracy 01 / 16 7

  10. Meeting DBI Requirements User Kernel Never Execute New Threads, Kernel Entry Points Original Code Signals Interrupts, Transparency Signals Exceptions Implement Everything Reentrance Use OS Code From Scratch System Calls Detect Code Changes Shadow Page Tables mmap, mprotect, etc. Locking, Concurrency CPU Private Thread Private We’ll look at the first three in more detail 01 / 16 8

  11. Never Execute Original Code User Code User Mode Supervisor Mode OS Binaries (kernel, drivers) Interrupts Exceptions 01 / 16 9

  12. Never Execute Original Code User Code User Mode Supervisor Mode OS Binaries Code Cache Dispatcher (kernel, drivers) ‣ Load kernel module that redirects entry points to the dispatcher Interrupts Exceptions 01 / 16 9

  13. Redirecting Entry Points Entry 1 Table OS Binaries Register Entry 2 Descriptor Table 01 / 16 10

  14. Redirecting Entry Points Code Cache Entry 1 Table OS Binaries Register Entry 2 Descriptor Table Entry 1 Dispatcher Entry 2 Shadow Table 01 / 16 10

  15. Redirecting Entry Points Code Cache Entry 1 Table OS Binaries Register Entry 2 Descriptor Table Entry 1 Dispatcher Entry 2 Shadow Table ‣ Can’t write to table register, otherwise loose control 01 / 16 10

  16. Redirecting Entry Points Shadow Code Cache Register Entry 1 Table OS Binaries Register Entry 2 Descriptor Table Entry 1 Dispatcher Entry 2 Shadow Table ‣ Can’t write to table register, otherwise loose control ‣ Can’t drop the write, otherwise you loose transparency 01 / 16 10

  17. Transparency Need to hide DBI framework from instrumented code ‣ Sometimes essential for correctness Many transparency issues, including ‣ Code cache return addresses ‣ Shadowed registers ‣ Exception stack frame ‣ Interrupt stack frame 01 / 16 11

  18. Exception Transparency Dispatching kernel’s exception handlers is tricky because they inspect machine state ‣ Registers stolen by instrumentation ‣ Address of instruction that triggers the exception • Handlers need to see original instruction addresses • Linux panics on page faults from non white-listed instructions • Problem is that code cache isn’t on the white list • Solution is to translate from code cache to original address Solution for interrupt handlers is similar 01 / 16 12

  19. Interrupt Transparency H = Interrupt Handler I = Instrumentation = Interrupt 01 / 16 13

  20. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A 01 / 16 13

  21. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A 01 / 16 13

  22. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH 01 / 16 13

  23. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A 01 / 16 13

  24. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B 01 / 16 13

  25. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B Dispatcher Copy A 01 / 16 13

  26. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B Dispatcher Code Cache Copy A A Original A Addresses 01 / 16 13

  27. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B Dispatcher Code Cache Copy A A I Original A Addresses 01 / 16 13

  28. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B Dispatcher Code Cache Copy A A I Original A Addresses 01 / 16 13

  29. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B Dispatcher Code Cache Copy A A I Original A Addresses Delay interrupts until next code-cache exit 01 / 16 13

  30. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B Dispatcher Code Cache Copy A A I Original A Addresses Delay interrupts until next code-cache exit 01 / 16 13

  31. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B Dispatcher Code Cache Copy A A I A Original A A Addresses Delay interrupts until next code-cache exit 01 / 16 13

  32. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B Dispatcher Code Cache Copy A A I A Original A A Addresses Delay interrupts until next code-cache exit 01 / 16 13

  33. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B Dispatcher Code Cache Copy A A I A Copy IH Original A A Addresses Delay interrupts until next code-cache exit 01 / 16 13

  34. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B Dispatcher Code Cache Copy A A I A Copy IH IH Original A A IH Addresses Delay interrupts until next code-cache exit 01 / 16 13

  35. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B Dispatcher Code Cache Copy A A I A Copy IH IH Copy B Original A A IH Addresses Delay interrupts until next code-cache exit 01 / 16 13

  36. Interrupt Transparency H = Interrupt Handler Original Code I = Instrumentation = Interrupt A IH A B Dispatcher Code Cache Copy A A I A Copy IH IH Copy B B Original A A IH B Addresses Delay interrupts until next code-cache exit 01 / 16 13

  37. Reentrance Code is not reentrant if it is unsafe to execute before other executions of the same code finish ‣ Dispatcher cannot use any non-reentrant OS code, e.g. print, because the non-reentrant code might be currently executing Say, print consists of basic blocks P1, P2 ‣ P1 has executed from code cache ‣ Dispatcher copies P2 ‣ Dispatcher uses print for debugging and invokes P1 ‣ print fails because it is non-reentrant ✗ P1 Copy P2 P1 Code Cache Dispatcher 01 / 16 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Linux Foundation Collaboration Summit 2009 LTTng, Filling the Gap Between Kernel Instrumentation

Linux Foundation Collaboration Summit 2009 LTTng, Filling the Gap Between Kernel Instrumentation

Linux Foundation Collaboration Summit 2009 LTTng, Filling the Gap Between Kernel Instrumentation and a Widely Usable Kernel Tracer April 9th, 2009 Mathieu Desnoyers, cole Polytechnique de Montral 1 > Plan Presenter Tracing

539 views • 25 slides
LTTng, Filling the Gap Between Kernel Instrumentation and a Widely Usable Kernel Tracer Mathieu

LTTng, Filling the Gap Between Kernel Instrumentation and a Widely Usable Kernel Tracer Mathieu

LTTng, Filling the Gap Between Kernel Instrumentation and a Widely Usable Kernel Tracer Mathieu Desnoyers Michel R. Dagenais cole Polytechnique de Montral cole Polytechnique de Montral mathieu.desnoyers@polymtl.ca

462 views • 6 slides
ME 460: Electromechanical Systems Design ME 560: Precision Machine Design and Instrumentation

ME 460: Electromechanical Systems Design ME 560: Precision Machine Design and Instrumentation

ME 460: Electromechanical Systems Design ME 560: Precision Machine Design and Instrumentation Prof. Andre Sharon 3-8776 sharon@bu.edu Fraunhofer USA Center for Manufacturing Innovation ME 460/560 Course Goals: Equip students with the

234 views • 10 slides
Kernel Implementations IV 8 February 2019 OSU CSE 1 Recording Design Decisions The

Kernel Implementations IV 8 February 2019 OSU CSE 1 Recording Design Decisions The

Kernel Implementations IV 8 February 2019 OSU CSE 1 Recording Design Decisions The commutative diagram is a great device to help you think about why (whether?) a kernel class correctly implements the kernel interface However, it is

1.02k views • 57 slides
Learning the Kernel and Finding Performance Problems with KFI Tim Bird Sony Electronics, Inc.

Learning the Kernel and Finding Performance Problems with KFI Tim Bird Sony Electronics, Inc.

Learning the Kernel and Finding Performance Problems with KFI Tim Bird Sony Electronics, Inc. June 11, 2005 CELF International Technical Conferece, Yokohama, Japan 1 Introduction to KFI KFI = Kernel Function Instrumentation KFI uses

494 views • 46 slides
kR^X Comprehensive Kernel Protection against Just-In-Time Code Reuse Marios Pomonis 1 Theofilos

kR^X Comprehensive Kernel Protection against Just-In-Time Code Reuse Marios Pomonis 1 Theofilos

Introduction RX Fine-grained KASLR Evaluation kR^X Comprehensive Kernel Protection against Just-In-Time Code Reuse Marios Pomonis 1 Theofilos Petsios 1 Angelos D. Keromytis 1 Michalis Polychronakis 2 Vasileios P. Kemerlis 3 1 Columbia

1.18k views • 66 slides
CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&A)

CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&A)

CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&A) Alberto Alvarez CS423: Operating Systems Design MP1 Goals Get yourself familiar with Linux kernel programming Learn to use the kernels linked

451 views • 32 slides
Kernel Design Nicolas Durrande PROWLER.io (nicolas@prowler.io) Sheffield, September 2017 1 /

Kernel Design Nicolas Durrande PROWLER.io (nicolas@prowler.io) Sheffield, September 2017 1 /

Gaussian Process Summer School Kernel Design Nicolas Durrande PROWLER.io (nicolas@prowler.io) Sheffield, September 2017 1 / 59 Introduction What is a kernel ? Choosing the appropriate kernel Making new from old Effect of linear

652 views • 61 slides
CS 423 Operating System Design: The Kernel Abstraction Professor Adam Bates CS423:

CS 423 Operating System Design: The Kernel Abstraction Professor Adam Bates CS423:

CS 423 Operating System Design: The Kernel Abstraction Professor Adam Bates CS423: Operating Systems Design Goals for Today Learning Objectives: (Learn how to use the vSphere console) Understand the Kernel/Process Abstraction

823 views • 49 slides
CUB: A pattern of collective software design, abstraction, and reuse for kernel-level

CUB: A pattern of collective software design, abstraction, and reuse for kernel-level

CUB: A pattern of collective software design, abstraction, and reuse for kernel-level programming DUANE MERRILL, PH.D. NVIDIA RESEARCH What is CUB ? 1. A design model for collective kernel-level primitives How to make reusable software

1.14k views • 72 slides
Instrumentation best practices in Brewing Slide 1 Ola Wesstrom Instrumentation best practices in

Instrumentation best practices in Brewing Slide 1 Ola Wesstrom Instrumentation best practices in

Products Solutions Services Instrumentation best practices in Brewing Slide 1 Ola Wesstrom Instrumentation best practices in Brewing What we will cover Endress+Hauser overview Best Practice application examples Instrumentation for

384 views • 35 slides
Design Guidelines \\ Comprehensive Facilities Master Plan CU-Boulder What are Design Guidelines?

Design Guidelines \\ Comprehensive Facilities Master Plan CU-Boulder What are Design Guidelines?

\\ Comprehensive Facilities Master Plan Design Guidelines \\ Comprehensive Facilities Master Plan CU-Boulder What are Design Guidelines? Institution Character Continuity of Fabric MIT Accelerate Design Process, constrained options

1.06k views • 47 slides
Design Guidelines \\ Comprehensive Facilities Master Plan CU-Boulder What are Design Guidelines?

Design Guidelines \\ Comprehensive Facilities Master Plan CU-Boulder What are Design Guidelines?

\\ Comprehensive Facilities Master Plan Design Guidelines \\ Comprehensive Facilities Master Plan CU-Boulder What are Design Guidelines? Institution Character Continuity of Fabric MIT Accelerate Design Process, constrained options

563 views • 12 slides
The Era of SoC FPGAs Nizar Abdallah, Ph.D. Workshop on FPGA Design for Scientific Instrumentation

The Era of SoC FPGAs Nizar Abdallah, Ph.D. Workshop on FPGA Design for Scientific Instrumentation

Power Matters The Era of SoC FPGAs Nizar Abdallah, Ph.D. Workshop on FPGA Design for Scientific Instrumentation and Computing International Centre for Theoretical Physics November 2017 Outline Introduction SoC FPGA Architectures: an

938 views • 78 slides
CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&A)

CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&A)

CS 423 Operating System Design: Introduction to Linux Kernel Programming (MP1 Q&A) Professor Adam Bates Fall 2018 CS423: Operating Systems Design Goals for Today Learning Objectives: Talk about the relevant skills required in

1.15k views • 33 slides
Design and Implementation of a LabVIEW based Computer Control for EPR Instrumentation Diploma

Design and Implementation of a LabVIEW based Computer Control for EPR Instrumentation Diploma

Design and Implementation of a LabVIEW based Computer Control for EPR Instrumentation Diploma Thesis Defense Matthias Kolja Miehl October 22, 2010 at 2:30 pm Milwaukee, Wisconsin, USA Medical College of Wisconsin MACC Fund Research Center

908 views • 72 slides
Global Illumination Shadow Layers Franois Desrichard , David Vanderhaeghe, Mathias Paulin IRIT,

Global Illumination Shadow Layers Franois Desrichard , David Vanderhaeghe, Mathias Paulin IRIT,

Global Illumination Shadow Layers Franois Desrichard , David Vanderhaeghe, Mathias Paulin IRIT, Universit de Toulouse, CNRS, INPT, UPS, UT1, UT2J, France July 12, 2019 Cinematic Lighting Design Scene Render Composite Animated geometry

756 views • 39 slides
CSGE602055 Operating Systems CSF2600505 Sistem Operasi Week 02: Security, Protection, Privacy,

CSGE602055 Operating Systems CSF2600505 Sistem Operasi Week 02: Security, Protection, Privacy,

CSGE602055 Operating Systems CSF2600505 Sistem Operasi Week 02: Security, Protection, Privacy, & C-language Rahmat M. Samik-Ibrahim (ed.) University of Indonesia https://os.vlsm.org/ Always check for the latest revision! REV254

547 views • 17 slides
Current Quantum Measurements in . . . Cryptography Algorithm Main Idea of Quantum . . . A

Current Quantum Measurements in . . . Cryptography Algorithm Main Idea of Quantum . . . A

Why Quantum . . . Quantum . . . Remaining Problems . . . Quantum Physics: . . . Current Quantum Measurements in . . . Cryptography Algorithm Main Idea of Quantum . . . A General Family of . . . Is Optimal: A Proof What Do We Want to . . .

818 views • 40 slides
Training Objectives Build a short relationship database and understand why it is necessary in

Training Objectives Build a short relationship database and understand why it is necessary in

4/5/2011 Engaging Communities and the Media by Telling Compelling Public Health Stories Webinar April 14, 2011 p , 1:30 PM 3:30 PM Sponsored by: 1 Laurie Call Director Center for Community Capacity Development Illinois Public

162 views • 14 slides
virtual machine (pt 2) / microkernels 1 last time (1) sandboxing fjlter system calls guest

virtual machine (pt 2) / microkernels 1 last time (1) sandboxing fjlter system calls guest

virtual machine (pt 2) / microkernels 1 last time (1) sandboxing fjlter system calls guest OS running in hypervisor on host OS hypervisor tracks virtual machine state does guest OS think its in kernel mode? does guest OS think

947 views • 71 slides
Catamount N-Way Performance on XT5 Ron Brightwell, Suzanne Kelly, Jeff Crow Scalable System

Catamount N-Way Performance on XT5 Ron Brightwell, Suzanne Kelly, Jeff Crow Scalable System

Catamount N-Way Performance on XT5 Ron Brightwell, Suzanne Kelly, Jeff Crow Scalable System Software Department Sandia National Laboratories rbbrigh@sandia.gov Cray User Group Conference May 6, 2009 Sandia is a multiprogram laboratory

1.05k views • 60 slides
Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees

Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees

Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2017/lss/kspp.pdf Agenda Background Security in the context of

652 views • 52 slides
Mobile HTML5 Applications In Hours, Not Days. Build Amazing Apps with Web Standards QCon SF

Mobile HTML5 Applications In Hours, Not Days. Build Amazing Apps with Web Standards QCon SF

Mobile HTML5 Applications In Hours, Not Days. Build Amazing Apps with Web Standards QCon SF @adityabansod Thursday, November 8, 12 Aditya Bansod VP, Product Marketing @adityabansod aditya@sencha.com Thursday, November 8, 12 Mobile app

1.05k views • 53 slides

More recommend