Title: ExOShim: preventing memory disclosure using execute-only kernel code

Authors: Scott Brookes; Robert Denz; Martin Osterloh; Stephen Taylor

Addresses: Draper, 555 Technology Sq., Cambridge, MA 02139, USA; Draper, 555 Technology Sq., Cambridge, MA 02139, USA; Siege Technologies, 540 N Commercial St., Manchester, NH 03101, USA; Dartmouth College, 14 Engineering Dr., Hanover, NH 03755, USA

Abstract: Information leakage and memory disclosure are major threats to security in modern computer systems. If an attacker is able to obtain the binary code of an application, it is possible to reverse-engineer it, uncover vulnerabilities, craft exploits, and patch together code segments to produce code-reuse attacks. These issues are particularly concerning when the application is an operating system, because they open the door to privilege escalation and exploitation techniques that provide kernel-level access. This paper describes ExOShim: a 325-line, lightweight 'shim' layer, built on Intel's commodity virtualisation features, that prevents memory disclosure by rendering all kernel code execute-only. When combined with non-deterministic refresh and load-time diversity, this technology denies an attacker the kernel code on the time-scales needed to develop a kernel-level exploit against a given kernel image. Additionally, it uses self-protection and hiding techniques to guarantee its operation even when the attacker has gained full root access. The proof-of-concept prototype described here has been demonstrated on a 64-bit microkernel. It is evaluated using metrics that quantify its code size and complexity, the associated run-time performance cost, and its effectiveness in thwarting information leakage. ExOShim provides complete execute-only protection for kernel code at a run-time performance overhead of only 0.86%. The concepts are general and could also be applied to other operating systems.
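The abstract states that ExOShim makes kernel code execute-only with Intel's virtualisation features but does not show the mechanism. The following is an added illustration, not ExOShim's code or the authors' design: it models, in user space, how a hypervisor uses the per-page permission bits of Intel EPT (extended page tables) to map guest kernel text as execute-only while data stays readable and writable, and how the hardware then turns a read of kernel text into an EPT violation. The bit layout (EPT leaf bits 0-2 for R/W/X, bits 3-5 for memory type, IA32_VMX_EPT_VPID_CAP bit 0 for execute-only support, and the exit-qualification bits) follows the Intel SDM; the page addresses and the helper names are assumptions made for the example.

```c
/* Added illustration (not ExOShim's code): execute-only kernel text via Intel
 * EPT permission bits, modelled in user space.
 *
 * EPT leaf entry (Intel SDM Vol. 3C): bit 0 = read, bit 1 = write,
 * bit 2 = execute, bits 3-5 = memory type, bits 12..51 = host-physical frame.
 * Execute-only (X=1, R=0, W=0) is only legal when IA32_VMX_EPT_VPID_CAP
 * (MSR 0x48C) bit 0 is set; a hypervisor must check that before relying on it. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EPT_R            (1ULL << 0)
#define EPT_W            (1ULL << 1)
#define EPT_X            (1ULL << 2)
#define EPT_MT_WB        (6ULL << 3)               /* write-back memory type */
#define EPT_PFN_MASK     0x000FFFFFFFFFF000ULL     /* bits 12..51 */
#define EPT_CAP_XONLY    (1ULL << 0)               /* IA32_VMX_EPT_VPID_CAP.bit0 */

/* Requested access, encoded like EPT-violation exit-qualification bits 0-2. */
enum access { ACC_READ = 1, ACC_WRITE = 2, ACC_FETCH = 4 };

/* Capability check a hypervisor would run on the raw MSR value (rdmsr is
 * privileged, so the value is passed in here rather than read directly). */
static bool ept_supports_execute_only(uint64_t ept_vpid_cap_msr) {
    return (ept_vpid_cap_msr & EPT_CAP_XONLY) != 0;
}

/* Build a 4 KiB EPT leaf mapping a guest page to host_pa with the given perms. */
static uint64_t ept_make_leaf(uint64_t host_pa, uint64_t perms) {
    return (host_pa & EPT_PFN_MASK) | EPT_MT_WB | (perms & (EPT_R | EPT_W | EPT_X));
}

/* Assumed example mappings: kernel text execute-only, kernel data RW/no-exec. */
static uint64_t kernel_text_leaf(uint64_t host_pa) { return ept_make_leaf(host_pa, EPT_X); }
static uint64_t kernel_data_leaf(uint64_t host_pa) { return ept_make_leaf(host_pa, EPT_R | EPT_W); }

/* Mirror the hardware check: every requested access type needs its bit. */
static bool ept_access_ok(uint64_t leaf, unsigned acc) {
    uint64_t need = 0;
    if (acc & ACC_READ)  need |= EPT_R;
    if (acc & ACC_WRITE) need |= EPT_W;
    if (acc & ACC_FETCH) need |= EPT_X;
    return (leaf & need) == need;
}

/* Exit qualification the VMM would see on a violation (SDM Table "Exit
 * Qualification for EPT Violations"): bits 0-2 = access type attempted,
 * bits 3-5 = whether the page was readable/writable/executable. 0 = no exit. */
static uint64_t ept_violation_qual(uint64_t leaf, unsigned acc) {
    if (ept_access_ok(leaf, acc)) return 0;
    uint64_t q = acc & 7ULL;
    if (leaf & EPT_R) q |= 1ULL << 3;
    if (leaf & EPT_W) q |= 1ULL << 4;
    if (leaf & EPT_X) q |= 1ULL << 5;
    return q;
}

int main(void) {
    uint64_t text = kernel_text_leaf(0x100000ULL);   /* assumed addresses */
    uint64_t data = kernel_data_leaf(0x101000ULL);
    printf("execute-only supported (sample cap=0x1): %d\n",
           ept_supports_execute_only(0x1ULL));
    printf("fetch from kernel text: %s\n", ept_access_ok(text, ACC_FETCH) ? "ok" : "VIOLATION");
    printf("read of kernel text:    %s (qual=0x%llx)\n",
           ept_access_ok(text, ACC_READ) ? "ok" : "VIOLATION",
           (unsigned long long)ept_violation_qual(text, ACC_READ));
    printf("fetch from kernel data: %s (qual=0x%llx)\n",
           ept_access_ok(data, ACC_FETCH) ? "ok" : "VIOLATION",
           (unsigned long long)ept_violation_qual(data, ACC_FETCH));
    return 0;
}
```

The point a practitioner should take from this is that the guest kernel's own page tables are not involved: the protection lives in the second-level translation the hypervisor controls, so even root in the guest cannot flip a bit to regain read access, which is why the abstract pairs execute-only mappings with self-protection of the shim itself.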

Keywords: memory disclosure; execute-only code; information leakage; security; operating systems; hypervisor; virtualisation.

DOI: 10.1504/IJICS.2022.121291

International Journal of Information and Computer Security, 2022 Vol.17 No.1/2, pp.57 - 82

Accepted: 30 Dec 2018
Published online: 04 Mar 2022
