xxx tolerating malicious drivers in linux
play

XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and - PowerPoint PPT Presentation

Sep 30, 2023 •663 likes •1.63k views

XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory, ... Drivers are complex;

  1. XXX

  2. Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich

  3. How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory, ... Drivers are complex; developers write buggy code Result: Attackers exploit vulnerabilities

  4. How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory, ... Drivers are complex; developers write buggy code Result: Attackers exploit vulnerabilities

  5. How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory, ... Drivers are complex; developers write buggy code Result: Attackers exploit vulnerabilities

  6. Current approach User-space drivers in µ kernels (Minix, L4, ...) Write device driver in new language (Termite) Handle common faults (Nooks, microdrivers, ...)

  7. Goal Secure, efficient, & unmodified drivers on Linux

  8. Previous user-space drivers µ kernel User User User Ethernet Network Application driver stack Hardware Kernel Kernel core

  9. Previous user-space drivers µ kernel Confine driver in a process User User User Ethernet Network Application driver stack Hardware Kernel Kernel core

  10. Previous user-space drivers µ kernel Confine driver in a process User User User Ethernet Network Application driver stack Hardware Kernel General purpose syscall API to configure device Kernel core

  11. Previous user-space drivers µ kernel Confine driver in a process User User User Ethernet Network Application driver stack Hardware Kernel General purpose syscall API to configure device Kernel core Confine device with IO virtualization HW.

  12. Previous user-space drivers IPC network driver API µ kernel E.g. tx_packet Confine driver in a process User User User Ethernet Network Application driver stack Hardware Kernel General purpose syscall API to configure device Kernel core Confine device with IO virtualization HW.

  13. Current Linux driver architecture User Application Hardware Kernel Ethernet Network driver stack Kernel RT netdevice

  14. Current Linux driver architecture User Application Kernel runtime (e.g. kmalloc ) Hardware Kernel Ethernet Network driver stack Kernel RT netdevice

  15. Current Linux driver architecture User Network driver API (e.g. tx_packet ) Application Kernel runtime (e.g. kmalloc ) Hardware Kernel Ethernet Network driver stack Kernel RT netdevice

  16. Linux user-space driver problem Kernel RT and driver APIs won't work for untrusted drivers in a different AS Ethernet User User driver Application Hardware Kernel Network stack Kernel RT netdevice

  17. SUD's approach Ethernet User User driver Application Hardware Kernel Network stack Kernel RT netdevice

  18. SUD's approach SUD UML handles calls to kernel RT Ethernet User User driver Application Hardware SUD UML Kernel Network stack Kernel RT netdevice

  19. SUD's approach SUD UML handles calls to kernel RT Proxy driver and SUD UML allow reuse of existing driver APIs Ethernet User User driver Application Hardware SUD UML Kernel Ethernet Network proxy driver stack Kernel RT netdevice

  20. SUD's approach SUD UML handles calls to kernel RT Proxy driver and SUD UML allow reuse of existing driver APIs Ethernet User User driver Application Hardware SUD UML Network driver API Kernel Ethernet Network proxy driver stack Kernel RT netdevice

  21. SUD's approach SUD UML handles calls to kernel RT Proxy driver and SUD UML allow reuse of existing driver APIs Ethernet User User driver Application Hardware SUD UML SUD RPC API Network driver API Kernel Ethernet Network proxy driver stack Kernel RT netdevice

  22. SUD's approach SUD UML handles calls to kernel RT Proxy driver and SUD UML allow reuse of existing driver APIs Network driver API Ethernet User User driver Application Hardware SUD UML SUD RPC API Network driver API Kernel Ethernet Network proxy driver stack Kernel RT netdevice

  23. SUD's results Tolerate malicious device drivers Proxy drivers small (~500 LOC) One proxy driver per device class Few kernel modifications (~50 LOC) Unmodified drivers (6 test drivers) High performance, low overhead No need for new OS or language

  24. Security challenge: prevent attacks Problem: driver must perform privileged operations Memory access, driver API, DMA, interrupts, … Attacks from driver code: Direct system attacks: memory corruption, ... Driver API attacks: invalid return value, deadlock, ... Attacks from device: DMA to DRAM, peer-to-peer attacks, interrupt storms

  25. Practical challenges High performance, low overhead Challenge: interact with hardware and kernel at high rate, kernel-user switch expensive E.g. Ethernet driver ~100k times a second Reuse existing drivers and kernel Challenge: drivers assume fully-privileged kernel env. Challenge: kernel driver API complex, non-uniform

  26. SUD overview Hardware User User Driver Application SUD UML Kernel HW access Proxy driver Kernel core module

  27. SUD overview Hardware User User Driver Application SUD UML Kernel HW access Proxy driver Kernel core module

  28. Linux driver APIs Linux defines a driver API for each device class Driver and kernel functions and variables

  29. Example: wireless driver API Linux defines a driver API for each device class Driver and kernel functions and variables struct wireless_ops { int (*tx)(struct sk_buff*); int (*configure_filter)(int); ... }; struct wireless_hw { int conf; int flags .... };

  30. Example: wireless driver API Linux defines a driver API for each device class Driver and kernel functions and variables struct wireless_ops { int (*tx)(struct sk_buff*); int (*configure_filter)(int); ... }; struct wireless_hw { int conf; int flags .... }; Proxy drivers and SUD-UML convert API to RPCs

  31. Example: wireless driver API Linux defines a driver API for each device class Driver and kernel functions and variables struct wireless_ops { int (*tx)(struct sk_buff*); int (*configure_filter)(int); ... }; struct wireless_hw { int conf; int flags .... }; Proxy drivers and SUD-UML convert API to RPCs

  32. Example: wireless driver API Linux defines a driver API for each device class Driver and kernel functions and variables Called in a non- struct wireless_ops { preemptable context int (*tx)(struct sk_buff*); int (*configure_filter)(int); ... }; struct wireless_hw { int conf; int flags .... }; Proxy drivers and SUD-UML convert API to RPCs

  33. Example: wireless driver API Linux defines a driver API for each device class Driver and kernel functions and variables Called in a non- struct wireless_ops { preemptable context int (*tx)(struct sk_buff*); int (*configure_filter)(int); ... Driver API variable }; struct wireless_hw { int conf; int flags .... }; Proxy drivers and SUD-UML convert API to RPCs

  34. Wireless driver in SUD Basic driver API → SUD RPC API→ driver API Non-preemptable function: implement in proxy Driver API variable: shadow variables

  35. Example 1: transmit a packet User User Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  36. Example 1: transmit a packet User User Socket write Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  37. Example 1: transmit a packet User User Wireless Web driver browser SUD UML Hardware wireless_ops.tx Kernel Wireless Wireless proxy driver core

  38. Example 1: transmit a packet User User TX packet RPC Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  39. Example 1: transmit a packet wireless_ops.tx User User Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  40. Example 1: transmit a packet DMA TX User User Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  41. Example 2: non-preemptable callback Problem: unable to switch to user-space User User Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  42. Example 2: non-preemptable callback Problem: unable to switch to user-space User User Wireless Web driver browser Acquires a SUD UML Hardware spin lock Kernel Wireless Wireless proxy driver core

  43. Example 2: non-preemptable callback Problem: unable to switch to user-space User User Wireless Web driver browser SUD UML Hardware wireless_ops.configure_filter Kernel Wireless Wireless proxy driver core

  44. Example 2: non-preemptable callback Problem: unable to switch to user-space User User Filter RPC Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  45. Example 2: non-preemptable callback Problem: unable to switch to user-space User User Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  46. Example 2: non-preemptable callback Problem: unable to switch to user-space Solution: implement directly in proxy driver User User Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M.

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M.

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M. Swift University of Wisconsin-Madison Current state of OS-hardware interaction Many device drivers assume device perfection Common Linux

779 views • 45 slides
Linux Device Drivers Linux Device Drivers Kernel 2.6 1. Introduction Dr. Wolfgang Koch 2.

Linux Device Drivers Linux Device Drivers Kernel 2.6 1. Introduction Dr. Wolfgang Koch 2.

Linux Device Drivers Linux Device Drivers Kernel 2.6 1. Introduction Dr. Wolfgang Koch 2. Kernel Modules Friedrich Schiller University Jena 3. Char Drivers Department of Mathematics and 4. Advanced Char Drivers Computer Science 5.

531 views • 12 slides
Linux Device Drivers Linux Device Drivers Dr. Wolfgang Koch 1. Introduction Friedrich Schiller

Linux Device Drivers Linux Device Drivers Dr. Wolfgang Koch 1. Introduction Friedrich Schiller

Linux Device Drivers Linux Device Drivers Dr. Wolfgang Koch 1. Introduction Friedrich Schiller University Jena 2. Kernel Modules Department of Mathematics and 3. Char Drivers Computer Science 4. Advanced Char Drivers Jena, Germany 5.

529 views • 17 slides
Understanding Modern Device Drivers Why study device drivers? Linux drivers constitute ~5

Understanding Modern Device Drivers Why study device drivers? Linux drivers constitute ~5

3/6/12 Understanding Modern Device Drivers Why study device drivers? Linux drivers constitute ~5 million LOC and 70% of kernel Little exposure to this breadth of driver code from research Better understanding of drivers can lead to

484 views • 14 slides
Linux Wireless Drivers Freedom considered harmful? Felix Fietkau <nbd@openwrt.org>

Linux Wireless Drivers Freedom considered harmful? Felix Fietkau <nbd@openwrt.org>

Linux Wireless Drivers Freedom considered harmful? Felix Fietkau <nbd@openwrt.org> 2015-12-30 Introduction OpenWrt developer for >10 years Involved with Linux wireless drivers almost as long Main focus: access points and

306 views • 27 slides
HW/SW Codesign w/ FPGAs Microprogramming ECE 495/595 Introduction (Linux Device Drivers, 3rd

HW/SW Codesign w/ FPGAs Microprogramming ECE 495/595 Introduction (Linux Device Drivers, 3rd

HW/SW Codesign w/ FPGAs Microprogramming ECE 495/595 Introduction (Linux Device Drivers, 3rd Edition (www.makelinux.net/ldd3)) Device Drivers -> DD They are a well defined programming interface between the applications and the actual

486 views • 24 slides
Increasing Automation in the Backporting of Linux Drivers Using Coccinelle Luis R. Rodriguez,

Increasing Automation in the Backporting of Linux Drivers Using Coccinelle Luis R. Rodriguez,

Increasing Automation in the Backporting of Linux Drivers Using Coccinelle Luis R. Rodriguez, (SUSE Labs) Julia Lawall (Inria/LIP6/UPMC/Sorbonne University-Whisper) January, 2015 (Unpublished work) What is backporting? port Linux v3.18

682 views • 40 slides
Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry

Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry

Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry anthony.lineberry@gmail.com Black Hat Europe 2009 Overview What is a rootkit? Why is protec:on difficult? Current protec:on mechanisms/bypasses

638 views • 52 slides
The Year of the Linux Video Codec Drivers Embedded Linux Conference 2017 Portland Laurent

The Year of the Linux Video Codec Drivers Embedded Linux Conference 2017 Portland Laurent

The Year of the Linux Video Codec Drivers Embedded Linux Conference 2017 Portland Laurent Pinchart laurent.pinchart@ideasonboard.com I have given many talks in conferences around the world. This one is special. During breakfast this morning I

503 views • 48 slides
Reducing Latency in Linux Wireless Network Drivers Tim Shepard shep@alum.mit.edu netdev 1.1

Reducing Latency in Linux Wireless Network Drivers Tim Shepard shep@alum.mit.edu netdev 1.1

Proceedings of NetDev 1.1: The Technical Conference on Linux Networking (February 10th-12th 2016. Seville, Spain) Reducing Latency in Linux Wireless Network Drivers Tim Shepard shep@alum.mit.edu netdev 1.1 Sevilla, Espa na 10-12

520 views • 18 slides
Embedded Systems Programming Linux GPIO & I2C Drivers (Module 13) Yann-Hang Lee Arizona

Embedded Systems Programming Linux GPIO & I2C Drivers (Module 13) Yann-Hang Lee Arizona

Embedded Systems Programming Linux GPIO & I2C Drivers (Module 13) Yann-Hang Lee Arizona State University yhlee@asu.edu (480) 727-7507 Summer 2014 Real-time Systems Lab, Computer Science and Engineering, ASU Linux GPIO Driver A GPIO

115 views • 7 slides
Embedded Linux Device Drivers Aleksandar Peji Andrija Pri Balkan Computer Congress 2014

Embedded Linux Device Drivers Aleksandar Peji Andrija Pri Balkan Computer Congress 2014

Embedded Linux Device Drivers Aleksandar Peji Andrija Pri Balkan Computer Congress 2014 September 7 th , Novi Sad, Serbia Agenda About Embedded Systems Hardware Specifics of Embedded Systems Embedded Linux Linux Device

244 views • 11 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 23 March 2006 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

707 views • 69 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

1.16k views • 94 slides
How to avoid writing device drivers for embedded Linux Chris Simmonds 2net Limited Winchester,

How to avoid writing device drivers for embedded Linux Chris Simmonds 2net Limited Winchester,

How to avoid writing device drivers for embedded Linux Chris Simmonds 2net Limited Winchester, UK chris@2net.co.uk Abstract Modern Linux kernels provide interfaces that use of the basic I/O functions that the driver provides. Writing

412 views • 4 slides
Agenda Programming Model Linux x86 Architecture and respective adaption Memory

Agenda Programming Model Linux x86 Architecture and respective adaption Memory

Agenda Programming Model Linux x86 Architecture and respective adaption Memory Exceptions / Interrupts Multiprocessing 1 References Understanding the Linux Kernel, Bovet and Cesati Linux Device Drivers, Rubini

812 views • 49 slides
IP Product Offerings Patent Pending Super Capacitor IP Test Chip (Theory) + Patent Pending

IP Product Offerings Patent Pending Super Capacitor IP Test Chip (Theory) + Patent Pending

CurrentRF On-Chip Super Capacitor IP (Power Optimizer) Michael Hopkins Founder and CEO IP Product Offerings Patent Pending Super Capacitor IP Test Chip (Theory) + Patent Pending Super Capacitor IP Test Chip(Example) Minimum Total Efectve

376 views • 18 slides
Network Trace analysis using Python Nevil Brownlee U Auckland | WAND NZNOG 2015 Tutorial 26

Network Trace analysis using Python Nevil Brownlee U Auckland | WAND NZNOG 2015 Tutorial 26

Network Trace analysis using Python Nevil Brownlee U Auckland | WAND NZNOG 2015 Tutorial 26 January 2015 Introduction U s i n g N e t w o r k T r a c e s T h e r e a r e l o t s o f t o o l s t c p d u m p , w i r e s h a r k , l i

320 views • 29 slides
Mobile IPv6 Mobile IPv6 Connectathon 2003 2003 Connectathon IETF56 IETF56 Interoperability

Mobile IPv6 Mobile IPv6 Connectathon 2003 2003 Connectathon IETF56 IETF56 Interoperability

Mobile IPv6 Mobile IPv6 Connectathon 2003 2003 Connectathon IETF56 IETF56 Interoperability Testing Report Interoperability Testing Report Samita Chakrabarti Samita Chakrabarti Samita. .chakrabarti chakrabarti@Sun.com @Sun.com Samita

420 views • 8 slides
WiFrst: Bridging the Information Gap for Debugging of Networked Embedded Systems Will McGrath ,

WiFrst: Bridging the Information Gap for Debugging of Networked Embedded Systems Will McGrath ,

WiFrst: Bridging the Information Gap for Debugging of Networked Embedded Systems Will McGrath , Jeremy Warner , Mitchell Karchemsky, Andrew Head, Daniel Drew, and Bjoern Hartmann IoT Device Debugging Protocol error? Wiring issue?

742 views • 58 slides
c i f i c a DIgSILENT Pacific P Power system engineering and software T N What future

c i f i c a DIgSILENT Pacific P Power system engineering and software T N What future

c i f i c a DIgSILENT Pacific P Power system engineering and software T N What future for RMS simulation? E Scott Hagaman L DIgSILENT Pacific Seminar 28 November 2019 I S g I D c i f i c a Presentation Overview P A

505 views • 33 slides
User assisted analysis of cellular network structures 26.10.2011 Author: Simon Wagner Advisor:

User assisted analysis of cellular network structures 26.10.2011 Author: Simon Wagner Advisor:

Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universitt Mnchen, Germany User assisted analysis of cellular network structures 26.10.2011 Author: Simon Wagner Advisor: Johann Schlamp Supervisor: Prof.

343 views • 19 slides
Building to a Billion, and Beyond Inside one of the worlds largest digital radio deployments

Building to a Billion, and Beyond Inside one of the worlds largest digital radio deployments

Building to a Billion, and Beyond Inside one of the worlds largest digital radio deployments Agenda The scope of the project Background Rakesh Aggarwal Comcon, New Delhi The plan Building and testing the systems Installations

898 views • 46 slides
Communication in Power Grid Cyber Infrastructure to Mislead Cyber Attackers Hui Lin, Zbigniew

Communication in Power Grid Cyber Infrastructure to Mislead Cyber Attackers Hui Lin, Zbigniew

RAINCOAT: Randomize Network Communication in Power Grid Cyber Infrastructure to Mislead Cyber Attackers Hui Lin, Zbigniew Kalbarczyk , Ravishankar Iyer University of Illinois at Urbana-Champaign UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN |

309 views • 20 slides

More recommend