Guest-Transparent Instruction Authentication Dannie M. Stanley for - - PowerPoint PPT Presentation

guest transparent instruction authentication
SMART_READER_LITE
LIVE PREVIEW

Guest-Transparent Instruction Authentication Dannie M. Stanley for - - PowerPoint PPT Presentation

Jul 31, 2023 44 likes •434 views

Guest-Transparent Instruction Authentication Dannie M. Stanley for Self-Patching Kernels Purdue University / CERIAS 09/20/12 Dannie Stanley Rick Porter Shane Snyder Zhui Deng Systems & Security Research CERDEC Applied Communication

slide-1
SLIDE 1

09/20/12

Dannie M. Stanley

Purdue University / CERIAS

Guest-Transparent Instruction Authentication for Self-Patching Kernels

slide-2
SLIDE 2

Dannie Stanley Zhui Deng Dongyan Xu

Purdue University West Lafayette, IN

Rick Porter

Systems & Security Research Applied Communication Sciences Basking Ridge, NJ

Shane Snyder

CERDEC US Army Aberdeen Proving Ground, MD

slide-3
SLIDE 3
  • Guest-Transparent Instruction Authentication for

Self-Patching Kernels


– Context – Problem – Approach – Evaluation – Summary

09/20/12

Outline

slide-4
SLIDE 4

THE CONTEXT:
 VMM-based prevention of kernel rootkits.

slide-5
SLIDE 5
  • Kernel rootkits operate with kernel-level

permissions

– Full control over the system

  • In-kernel protection mechanisms are vulnerable to

kernel rootkits

– Ex. memory permission restrictions can be turned off by a rootkit Context: Kernel Rootkits

09/20/12

slide-6
SLIDE 6
  • Security mechanisms have been created to prevent

kernel rootkits by leveraging VMM capabilities such as introspection and memory protection

– For our work, we build-upon one such mechanism: NICKLE – Other similar systems exist: hvmHarvard and SecVisor

  • Though each system has its own unique

contributions we refer to NICKLE, hvmHarvard, and

SecVisor as “NICKLE-like systems.” Context: Previous Work

09/20/12

slide-7
SLIDE 7

VMM Vulnerable System VMM + W⊕KX Hardware

  • Run vulnerable

system in a virtual machine

Context: VMM Enforced W⊕KX

09/20/12

  • Enforce W⊕KX

kernel memory permissions from VMM

  • How does NICKLE prevent kernel rootkit infection?
slide-8
SLIDE 8
  • NICKLE Guarantee:

– No unauthorized code can be executed at the kernel level

  • Kernel rootkits typically need to introduce their own

malicious code into a running kernel to gain control

  • Because NICKLE does not allow memory to be

both writable and kernel-executable:

– The malicious code introduction will be prevented, or – The malicious code will be introduced but will not be executable Context: Rootkit Prevention

09/20/12

slide-9
SLIDE 9
  • The system must allow:

– an authorized kernel to get loaded into place at boot – authorized kernel modules to get loaded during run- time

  • Code introduced into the kernel is marked non-

executable until it is authenticated

  • If the code is authenticated:

– The code is set to executable and read-only Context: Code Authentication

09/20/12

slide-10
SLIDE 10
  • To authenticate kernel code, previous works have

used cryptographic hashes

– Offline: a cryptographic hash is calculated for each piece of authorized code that may get loaded into the guest kernel – Online: the VMM intercepts each guest attempt to load new kernel code and calculates a hash for the code – If the online hash matches an offline hash, the load is allowed Context: Code Authentication

09/20/12

slide-11
SLIDE 11

THE PROBLEM:
 How do we authenticate self-patching kernels?

slide-12
SLIDE 12
  • Some kernels are self-patching; they modify their
  • wn code at runtime

– CPU optimizations, multiprocessor compatibility adjustments, and advanced debugging

  • In a NICKLE-like system:

– If the patch is applied after hash verification

  • The memory will be read-only and the patching will fail

– If the patch is applied before hash verification

  • The code authentication will fail

Problem: Self-Patching Kernels

09/20/12

slide-13
SLIDE 13

Host Kernel Space Host User Space Heap ↑ ... Stack ↓

Host Memory Layout

Problem: Self-Patching Kernels

slide-14
SLIDE 14

Host Kernel Space Host User Space Heap ↑ ... Stack ↓

VMM Reserves Heap Memory for Virtual Machine

Problem: Self-Patching Kernels

slide-15
SLIDE 15

Host Kernel Space Host User Space Heap ↑ ... Stack ↓ Guest Kernel Space Guest User Space Heap ↑ Stack ↓

Guest Memory Layout

Problem: Self-Patching Kernels

slide-16
SLIDE 16

Host Kernel Space Host User Space Heap ↑ ... Stack ↓

Guest Kernel Space Guest User Space Heap ↑ Stack ↓

010101 010101 010101 010010

Kernel Module to be Loaded

Problem: Self-Patching Kernels

slide-17
SLIDE 17

Host Kernel Space Host User Space Heap ↑ ... Stack ↓

Guest Kernel Space Guest User Space Heap ↑ Stack ↓

010101 010101 010101 010010

Module Allowed, Code Set to Non- Executable (NX)

NX Problem: Self-Patching Kernels

slide-18
SLIDE 18

Host Kernel Space Host User Space Heap ↑ ... Stack ↓

Guest Kernel Space Guest User Space Heap ↑ Stack ↓

010101 010101 010101 010010

NX

HashB Calculated for Module Code HashB Compared to HashA Stored in VMM

Problem: Self-Patching Kernels

slide-19
SLIDE 19

Host Kernel Space Host User Space Heap ↑ ... Stack ↓

Guest Kernel Space Guest User Space Heap ↑ Stack ↓

010101 010101 010101 010010

NX

If HashB Matches HashA, Set Module Code Read-Only & Executable

RX RX Problem: Self-Patching Kernels

slide-20
SLIDE 20

Guest Kernel Space Guest User Space Heap ↑ Stack ↓

010101 010101 010101 010010

P

RX

Patch Fails Because Module Code is Read-Only

Host Kernel Space Host User Space Heap ↑ ... Stack ↓

Guest Kernel Tries to Patch Module Code

Problem: Self-Patching Kernels

slide-21
SLIDE 21
  • Example from the Linux kernel

– Alternative Instructions (altinstructions)

  • Altinstructions enable the kernel to optimize code at

run-time based on the capabilities of the CPU

– At compile time, a list of alternative instructions may be stored in special ELF headers – At run-time, if an altinstruction is defined for the current CPU, the alternative replaces the default instruction

  • Why do this?

– Linux distributors can ship just one binary that will be

  • ptimized for multiple CPUs

Problem: Ex: Altinstructions

09/20/12

slide-22
SLIDE 22
  • Altinstructions Example: “run-time memory barrier

patching” (RTMBP)

– Default Linux memory barrier instruction sequence:

  • lock; addl $0,0(%%esp)

– Memory barrier instruction sequence for Pentium 4:

  • lfence

Problem: Ex: Altinstructions

09/20/12

slide-23
SLIDE 23
  • RTMBP in the context of NICKLE-like system

– Offline a hash would be calculated over the unoptimized code – Two options for online authentication:

  • Unoptimized code would pass authentication and guest

would run without the RTMBP optimization

  • Optimized code would fail authentication


09/20/12

Problem: Ex: Altinstructions

slide-24
SLIDE 24

OUR APPROACH:
 Verify each patch at run-time.

slide-25
SLIDE 25
  • Patch: Each valid replacement instruction sequence
  • Patch Definition:

– patch-location: where the patch may get applied – patch-length: size of the replacement instruction – patch-data: holds the replacement instruction

  • Patch Set: whitelist of valid patch definitions
  • Patch Site: location in code which may or may not

be patched at run time


Approach: Definitions

09/20/12

slide-26
SLIDE 26

call 0xc04bb940 lea 0x0(%esi),%esi mov %esp,%eax and $0xffffe000,%eax mov 0x8(%eax),%eax test $0x8,%al jne 0xc0402366 lock addl $0x0,(%esp) bt %ebx,(%esi) sbb %eax,%eax test %eax,%eax je 0xc0402377 call 0xc04063b0 rcu_idle_enter(); while (!need_resched()) { check_pgt_cache(); rmb(); if (cpu_is_offline(cpu)) play_dead(); local_touch_nmi(); e8 26 96 0b 00 8d b6 00 00 00 00 89 e0 25 00 e0 ff ff 8b 40 08 a8 08 75 38 f0 83 04 24 00 0f a3 1e 19 c0 85 c0 74 3b e8 6f 40 00 00

0xc040232e 6 f0 83 04 24 00 0f

Source Code x86 Assembly Raw Hex Dump

lock addl $0x0,(%esp) lfence

0xc040232e 6 0f ae e8 90 90 90

location length data

Approach: Patch Example

example patch definition example patch site in memory

slide-27
SLIDE 27
  • Offline:

– Generate cryptographic hashes, as before

  • Except: skip patch sites for hash calculation

– Generate a whitelist of patch definitions

  • At least one definition for each patch site
  • Online

– At code load-time:

  • Verify code hashes, again skipping patch sites
  • Verify contents of each patch site using whitelist

– At write-fault (caused by W⊕KX protection):

  • If writing to patch site, allow patch site to be overwritten by

valid patch


Approach: Patch Verification

09/20/12

slide-28
SLIDE 28
  • Patch set creation is challenging!

– Requires deep knowledge of guest kernel (or kernel vendor participation)

  • Example: Linux Kernel (v 2.6) has six1 different

mechanisms that may patch the kernel at runtime:

– Alternative Instructions – SMP Locks – Jump Labels – Mcounts1 – Paravirtual Instructions – Kprobes
 Approach: Patch Set Creation

09/20/12

1 We identified a sixth mechanism after paper submission.

slide-29
SLIDE 29
  • Generating a patch definition for an altinstruction


Approach: Ex. Altinstructions

09/20/12

instr replacement cpuid instrlen replacementlen patch-location patch-length patch-data struct alt_instr

(from ELF headers)

patch definition

slide-30
SLIDE 30

OUR EVALUATION:
 Add patch verification to a NICKLE-like system.

slide-31
SLIDE 31
  • Our patch-level verification procedure is

implemented as a subsystem of NICKLE-KVM

  • NICKLE-KVM: NICKLE-like system based on KVM

– KVM is a Linux-based VMM that takes advantage of hardware-assisted virtualization – Uses the page-level redirection technique introduced by hvmHarvard (rather than instruction-level technique used by NICKLE)

  • Generated patch set for four of the six Linux kernel

patching facilities (two weren’t used by our guest)

  • We implemented the load-time patch verification

procedure for NICKLE-KVM


Evaluation: NICKLE-KVM

09/20/12

slide-32
SLIDE 32
  • To evaluate our system we generated patch sets for

the Linux kernel2 (vmlinux) and 3308 kernel modules

– The kernel contained 31,643 patch sites – The 11 modules needed by our guest contained 639 patch sites

  • After adding patch-level verification, NICKLE-KVM

correctly verified the integrity of all 32282 patch sites


Evaluation: Patch Set Creation

09/20/12

2 After paper submission we added kernel patch-site verification

slide-33
SLIDE 33
  • Crafted synthetic attacks to test robustness:

– Attacker modifies code outside of patch-site

  • Load fails due to cryptographic hash mistmatch

– Attacker modifies code within patch site

  • Load fails if patch site does not receive valid patch
  • Load succeeds if patch site receives valid patch

– Attacker modifies candidate patch code (ex. altinstructions ELF header)

  • Load fails if the spurious patch is selected


Evaluation: Attacks

09/20/12

slide-34
SLIDE 34
  • Our load-time patch verification procedure incurs no

additional NICKLE-KVM VM exits for patch- verification

– Adds time for patch verification (lookup and string compare) proportional to the number of patches

  • A write-fault-triggered patch verification procedure

(not implemented) would incur one additional VM exit per patch that triggers a write-fault

– Additional VM exit required for restoring read-only permission
 Evaluation: Performance

09/20/12

slide-35
SLIDE 35
  • Previous NICKLE-like systems were not able to

authenticate code introduced by self-patching kernels

  • Our kernel code authentication procedure

accommodates self-patching kernels by verifying each patch

  • Our implementation is able to authenticate a self-

patching guest Linux kernel and its modules (32,282 patch sites)

Summary

09/20/12

slide-36
SLIDE 36

THANK YOU!

slide-37
SLIDE 37
slide-38
SLIDE 38

Kernel Memory X D X X D X X D X X D X D X X X X D Data Page Code Page X X X X X X X X X X X X D X X D X X D X X D X D X X X X

  • At load-time,

verify kernel code and set to read-only

  • Run-time patch

will fail due to read-only permissions

slide-39
SLIDE 39

Host Kernel Space Host User Space Heap ↑ ... Stack ↓

Guest Kernel Space Guest User Space Heap ↑ Stack ↓

NICKLE Protects Guest Kernel Memory

Problem: Self-Patching Kernels