TC: Small: Collaborative Research:Protecting Commodity Operating Systems From Vulnerable Device Drivers

TC：小型：协作研究：保护商品操作系统免受易受攻击的设备驱动程序的影响

• 批准号: 0915363
• 负责人: Michael Swift
• 金额: $ 24.84万
• 依托单位: University of Wisconsin-Madison
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0915363&HistoricalAwards=false
• 关键词: TC; Small; Collaborative; Research; Protecting

Device drivers constitute a large fraction of the code in commodity operating systems. Over 35,000 drivers with over 112,000 versions exist for Windows XP, while over 3.1 million lines out of 5.4 million lines of the Linux kernel is device driver code. As several recent exploits against device drivers show, drivers are rife with bugs that compromise system security.Exploits against device drivers are dangerous because commodity operating systems execute drivers in kernel address space. A compromised driver can modify kernel data structures or execute arbitrary code with kernel privilege. Prior techniques that protect commodity OS kernels from device drivers either suffer from low performance or are limited to specific classes of vulnerabilities, such as memory errors.Inspired by user-mode driver frameworks, this project applies a three-pronged approach to the problem of protecting kernel data from vulnerabilities in device drivers. First, this project will develop techniques to monitor kernel data structure updates initiated by device drivers and ensure that they do not compromise the integrity of these data structures. Second, it will develop techniques to limit driver access to kernel memory via DMA without requiring hardware support yet taking advantage of it if available. Third, it will develop new techniques for recovering from compromised drivers.These techniques are applicable to legacy device drivers on standalone commodity operating systems and require minimal changes to the operating system. In addition, they impose negligible overheads on common-case performance of device drivers and are thus practical for use even with high-throughput devices.

设备驱动程序构成了商品操作系统中代码的很大一部分。Windows XP有超过35，000个驱动程序和超过112，000个版本，而Linux内核的540万行中有超过310万行是设备驱动程序代码。正如最近几个针对设备驱动程序的漏洞所显示的那样，驱动程序充斥着危及系统安全的漏洞。针对设备驱动程序的漏洞是危险的，因为商品操作系统在内核地址空间执行驱动程序。受到危害的驱动程序可以修改内核数据结构或使用内核权限执行任意代码。以前的技术，保护商品操作系统内核从设备驱动程序要么遭受低性能或限于特定类别的漏洞，如内存errors.Inspired用户模式驱动程序框架，本项目适用于一个三管齐下的方法来保护内核数据从设备驱动程序中的漏洞的问题。首先，这个项目将开发技术来监控由设备驱动程序启动的内核数据结构更新，并确保它们不会损害这些数据结构的完整性。其次，它将开发技术来限制驱动程序通过DMA访问内核内存，而不需要硬件支持，如果可用的话，还可以利用它。第三，它将开发从受损驱动程序中恢复的新技术。这些技术适用于独立商品操作系统上的旧设备驱动程序，并且只需对操作系统进行最小的更改。此外，它们对设备驱动程序的常见性能造成的开销可以忽略不计，因此即使与高吞吐量设备一起使用也是实用的。