TC: Small: Collaborative Research: Protecting Commodity Operating Systems from Vulnerable Device Drivers

TC：小型：协作研究：保护商品操作系统免受易受攻击的设备驱动程序的影响

• 批准号: 0915394
• 负责人: Vinod Ganapathy
• 金额: $ 25万
• 依托单位: Rutgers University New Brunswick
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0915394&HistoricalAwards=false
• 关键词: TC; Small; Collaborative; Research; Protecting

Device drivers constitute a large fraction of the code in commodity operating systems. Over 35,000 drivers with over 112,000 versions exist for Windows XP, while over 3.1 million lines out of 5.4 million lines of the Linux kernel is device driver code. As several recent exploits against device drivers show, drivers are rife with bugs that compromise system security.Exploits against device drivers are dangerous because commodity operating systems execute drivers in kernel address space. A compromised driver can modify kernel data structures or execute arbitrary code with kernel privilege. Prior techniques that protect commodity OS kernels from device drivers either suffer from low performance or are limited to specific classes of vulnerabilities, such as memory errors.Inspired by user-mode driver frameworks, this project applies a three-pronged approach to the problem of protecting kernel data from vulnerabilities in device drivers. First, this project will develop techniques to monitor kernel data structure updates initiated by device drivers and ensure that they do not compromise the integrity of these data structures. Second, it will develop techniques to limit driver access to kernel memory via DMA without requiring hardware support yet taking advantage of it if available. Third, it will develop new techniques for recovering from compromised drivers.These techniques are applicable to legacy device drivers on standalone commodity operating systems and require minimal changes to the operating system. In addition, they impose negligible overheads on common-case performance of device drivers and are thus practical for use even with high-throughput devices.

设备驱动程序构成了商品操作系统中代码的很大一部分。 Windows XP 存在超过 35,000 个驱动程序，超过 112,000 个版本，而 Linux 内核的 540 万行中有超过 310 万行是设备驱动程序代码。正如最近针对设备驱动程序的一些攻击所表明的那样，驱动程序中充满了危害系统安全的错误。针对设备驱动程序的攻击是危险的，因为商用操作系统在内核地址空间中执行驱动程序。受损的驱动程序可以修改内核数据结构或以内核权限执行任意代码。保护商用操作系统内核免受设备驱动程序影响的现有技术要么性能低下，要么仅限于特定类别的漏洞，例如内存错误。受用户模式驱动程序框架的启发，该项目采用三管齐下的方法来解决保护内核数据免受设备驱动程序漏洞影响的问题。首先，该项目将开发技术来监视设备驱动程序发起的内核数据结构更新，并确保它们不会损害这些数据结构的完整性。其次，它将开发技术来限制驱动程序通过 DMA 访问内核内存，而不需要硬件支持，但如果可用的话，可以利用它。第三，它将开发从受损驱动程序中恢复的新技术。这些技术适用于独立商用操作系统上的旧设备驱动程序，并且需要对操作系统进行最小程度的更改。此外，它们对设备驱动程序的常见性能造成的开销可以忽略不计，因此即使与高吞吐量设备一起使用也是实用的。