Abstract
Verifying the integrity of Operating System (OS) kernel data is very challenging because of its complex layout. In this paper, we address the problem of systematically generating an accurate kernel data definition for an OS without any prior knowledge of its kernel data. This definition accurately reflects the kernel data layout by resolving the ambiguities in the pointer-based relations between kernel data structures, in order to support systematic kernel data integrity checking. We generate this definition by performing static points-to analysis on the kernel's source code. We have designed a new points-to analysis algorithm and have implemented a prototype of our system. We have performed several experiments with real-world applications and OSes to demonstrate the scalability and effectiveness of our approach for OS security applications.
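The kind of ambiguity the abstract refers to, illustrated with an added example that is not code from the paper: a minimal flow- and field-insensitive Andersen-style points-to solver run over constraints standing in for statements extracted from kernel source. All struct, object and variable names are constructed, and `struct file` is collapsed to its single `void *` field `private_data`; the result is the set of concrete types that generic field can point to, which is what a layout definition for integrity checking needs.

```python
from collections import defaultdict

# Constructed toy program in Andersen's four constraint forms, standing in for
# statements extracted from kernel source. 'file_obj' models a struct file whose
# generic void* field private_data is filled by two different subsystems, so its
# target type is ambiguous until points-to analysis resolves it (assumed names).
OBJECT_TYPES = {
    "file_obj": "struct file",
    "ext4_info": "struct ext4_inode_info",
    "sock_obj": "struct socket",
}

# (kind, lhs, rhs):  addr -> lhs = &rhs   copy  -> lhs = rhs
#                    load -> lhs = *rhs   store -> *lhs = rhs
CONSTRAINTS = [
    ("addr", "f", "file_obj"),            # struct file *f = &file_obj;
    ("addr", "ext4_priv", "ext4_info"),   # void *ext4_priv = &ext4_info;
    ("addr", "sock_priv", "sock_obj"),    # void *sock_priv = &sock_obj;
    ("store", "f", "ext4_priv"),          # f->private_data = ext4_priv; (fs path)
    ("store", "f", "sock_priv"),          # f->private_data = sock_priv; (socket path)
    ("load", "priv", "f"),                # void *priv = f->private_data;
]

def solve(constraints):
    """Inclusion-based (Andersen) points-to sets, iterated to a fixed point."""
    pts = defaultdict(set)
    changed = True
    while changed:
        changed = False
        for kind, lhs, rhs in constraints:
            if kind == "addr":
                new, targets = {rhs}, [lhs]
            elif kind == "copy":
                new, targets = set(pts[rhs]), [lhs]
            elif kind == "load":      # lhs gets whatever anything rhs points to points to
                new, targets = set().union(*(pts[o] for o in pts[rhs])), [lhs]
            else:                     # store: every object lhs points to gets pts(rhs)
                new, targets = set(pts[rhs]), list(pts[lhs])
            for t in targets:
                if not new <= pts[t]:
                    pts[t] |= new
                    changed = True
    return pts

def candidate_types(pts, pointer):
    """Concrete C types a pointer may target: the 'definition' for that field."""
    return sorted(OBJECT_TYPES[o] for o in pts[pointer])

if __name__ == "__main__":
    result = solve(CONSTRAINTS)
    for var in ("f", "priv"):
        print(f"{var} -> {candidate_types(result, var)}")
```

An integrity checker can then accept a `private_data` value only if it lands on an object of one of the resolved types, instead of treating the field as opaque.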
© 2012 Springer-Verlag Berlin Heidelberg
Ibrahim, A.S., Grundy, J., Hamlyn-Harris, J., Almorsy, M. (2012). Operating System Kernel Data Disambiguation to Support Security Analysis. In: Xu, L., Bertino, E., Mu, Y. (eds) Network and System Security. NSS 2012. Lecture Notes in Computer Science, vol 7645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34601-9_20
DOI: https://doi.org/10.1007/978-3-642-34601-9_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34600-2
Online ISBN: 978-3-642-34601-9