KGuard: Lightweight kernel protection against return-to-user attacks

Vasileios P. Kemerlis, Georgios Portokalidis, Angelos D. Keromytis

Research output: Contribution to conferencePaperpeer-review

105 Scopus citations

Abstract

Return-to-user (ret2usr) attacks exploit the operating system kernel, enabling local users to hijack privileged execution paths and execute arbitrary code with elevated privileges. Current defenses have proven to be inadequate, as they have been repeatedly circumvented, incur considerable overhead, or rely on extended hypervisors and special hardware features. We present kGuard, a compiler plugin that augments the kernel with compact inline guards, which prevent ret2usr with low performance and space overhead. kGuard can be used with any operating system that features a weak separation between kernel and user space, requires no modifications to the OS, and is applicable to both 32- and 64-bit architectures. Our evaluation demonstrates that Linux kernels compiled with kGuard become impervious to a variety of control-flow hijacking exploits. kGuard exhibits lower overhead than previous work, imposing on average an overhead of 11.4% on system call and I/O latency on x86 OSs, and 10.3% on x86-64. The size of a kGuard-protected kernel grows between 3.5% and 5.6%, due to the inserted checks, while the impact on real-life applications is minimal (≤1%).

Original languageEnglish
Pages459-474
Number of pages16
StatePublished - 2012
Event21st USENIX Security Symposium - Bellevue, United States
Duration: 8 Aug 201210 Aug 2012

Conference

Conference21st USENIX Security Symposium
Country/TerritoryUnited States
CityBellevue
Period8/08/1210/08/12

Fingerprint

Dive into the research topics of 'KGuard: Lightweight kernel protection against return-to-user attacks'. Together they form a unique fingerprint.

Cite this