| The kernel stack is one of the most important data contents for operating system kernel to manage process.It plays an important role in saving and restoring the context state of the process when performing process switch and privilege switch from user mode to kernel mode.Due to the design of operating systems such as Linux,the kernel stack of each process are not isolated from each other,which provides chance for attacks such as Return-to-user and Return-to-schedule,and these attacks bring serious threats for normal execution of the process and system security.Therefore,there is a series of work devoted to solving the problem of the integrity protection of the kernel stack.The multi-core environment provides the concurrency for tasks,but it also brings new challenges for the research of security issues.In multi-core environment,multiple processes can run simultaneously,and an attacker has the ability to attack a running process in the system,making the problem of kernel stack integrity protection more complicated.Therefore,this thesis focused on how to provide integrity protection for the process kernel stack in multi-core environment effectively,and analyzed the difficulties of this problem.According to the deficiencies of previous studies,this thesis presented a scheme for the kernel stack integrity protection in multi-core environment,which enhanced the security of previous studies.The main content of this thesis listed as follows:1.This thesis summarized the related studies and new requirements of integrity protection of the kernel stack.The related studies are twofold:protection of partial control data and the integrity protection of the overall kernel stack.The principles and defects of these two types of protection schemes were analyzed and the defects include the insufficient scope of protection,the loopholes of Stifling attack,and the impossible blocking of attacking the kernel stack of a running process on other cores,especially in multi-core environment.Based on problems above,this thesis aims to provide the integrity protection for all process kernel stacks in multi-core environment.2.In the view of the lack of security of previous protection schemes in multi-core environments,this thesis proposed a security improved scheme for kernel stack iintegrity protection in multi-core environmen.In multi-core environment,the original global address translation structure of the system was split,and an independent address translation structure was established for each processor,so that processes running on each processor would use different address translation structures when accessing memory,thereby providing fine-grained access control for the kernel stack.Similar to related studies,this thesis assumed that the attacker has kernel-level permissions,so it relied on hardware assisted virtualization technology with higher privileges to implement the protection scheme.The protection scheme was deployed into the hypervisor and established a separate EPT structure for each vCPU.Fine-grained access rights to each process kernel stack were set on each EPT structure to provide integrity protection for the process kernel stack in the guest VM.This thesis eliminated the security deficiencies of previous work.3.Based on KVM and Qemu,the prototype system of the proposed protection scheme was implemented successfully,and it was evaluated from two aspects,security and performance loss.The experiment results indicated that the protection scheme can defend against the given attack example in the attack model and solved the problem of integrity protection of the kernel stack in multi-core environment.Moreover,the deployment of the protection scheme did not have an excessive impact on the overall performance of the system. |
PDF Full Text Request