Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
skip to main content
10.1145/3503222.3507779acmconferencesArticle/Chapter ViewAbstractPublication PagesasplosConference Proceedingsconference-collections
research-article
Public Access

Adelie: continuous address space layout re-randomization for Linux drivers

Published: 22 February 2022 Publication History

Abstract

While address space layout randomization (ASLR) has been extensively studied for user-space programs, the corresponding OS kernel's KASLR support remains very limited, making the kernel vulnerable to just-in-time (JIT) return-oriented programming (ROP) attacks. Furthermore, commodity OSs such as Linux restrict their KASLR range to 32 bits due to architectural constraints (e.g., x86-64 only supports 32-bit immediate operands for most instructions), which makes them vulnerable to even unsophisticated brute-force ROP attacks due to low entropy. Most in-kernel pointers remain static, exacerbating the problem when pointers are leaked.
Adelie, our kernel defense mechanism, overcomes KASLR limitations, increases KASLR entropy, and makes successful ROP attacks on the Linux kernel much harder to achieve. First, Adelie enables the position-independent code (PIC) model so that the kernel and its modules can be placed anywhere in the 64-bit virtual address space, at any distance apart from each other. Second, Adelie implements stack re-randomization and address encryption on modules. Finally, Adelie enables efficient continuous KASLR for modules by using the PIC model to make it (almost) impossible to inject ROP gadgets through these modules regardless of gadget's origin.
Since device drivers (typically compiled as modules) are often developed by third parties and are typically less tested than core OS parts, they are also often more vulnerable. By fully re-randomizing device drivers, the last two contributions together prevent most JIT ROP attacks since vulnerable modules are very likely to be a starting point of an attack. Furthermore, some OS instances in virtualized environments are specifically designated to run device drivers, where drivers are the primary target of JIT ROP attacks. Using a GCC plugin that we developed, we automatically modify different kinds of kernel modules. Since the prior art tackles only user-space programs, we solve many challenges unique to the kernel code. Our evaluation shows high efficiency of Adelie's approach: the overhead of the PIC model is completely negligible and re-randomization cost remains reasonable for typical use cases.

References

[1]
Advanced Micro Devices, Inc. 2021. AMD64 Architecture. https://developer.amd.com/resources/developer-guides-manuals/
[2]
Air Force Research Laboratory AFRL/RIEB. 2021. SecureView. https://www.ainfosec.com/technologies/secureview/
[3]
Apache Software Foundation. 2021. ab - Apache HTTP server benchmarking tool. https://httpd.apache.org/docs/2.2/en/programs/ab.html
[4]
Luiz André Barroso and Urs Hölzle. 2007. The Case for Energy-Proportional Computing. IEEE Computer, 40 (2007), https://doi.org/10.1109/MC.2007.443
[5]
Sandeep Bhatkar, R. Sekar, and Daniel C. DuVarney. 2005. Efficient Techniques for Comprehensive Protection from Memory Error Exploits. In Proceedings of the 14th USENIX Security Symposium (SSYM ’05). USENIX Association, 255–270.
[6]
David Bigelow, Thomas Hobson, Robert Rudd, William Streilein, and Hamed Okhravi. 2015. Timely Rerandomization for Mitigating Memory Disclosures. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS ’15). ACM, New York, NY, USA. 268–279. isbn:978-1-4503-3832-5 https://doi.org/10.1145/2810103.2813691
[7]
Bill Mertka. 2018. Recent Linux vulnerabilities and the importance of patching. https://www.servercentral.com/blog/linux-vulnerabilities-importance-patching/
[8]
Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazières, and Dan Boneh. 2014. Hacking Blind. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP ’14). IEEE Computer Society, Washington, DC, USA. 227–242. isbn:978-1-4799-4686-0 https://doi.org/10.1109/SP.2014.22
[9]
Tyler Bletsch, Xuxian Jiang, Vince W. Freeh, and Zhenkai Liang. 2011. Jump-oriented Programming: A New Class of Code-reuse Attack. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS ’11). ACM, New York, NY, USA. 30–40. isbn:978-1-4503-0564-8 https://doi.org/10.1145/1966913.1966919
[10]
Pat Bohrer, Elmootazbellah N Elnozahy, Tom Keller, Michael Kistler, Charles Lefurgy, Chandler McDowell, and Ram Rajamony. 2002. The case for power management in web servers. In Power aware computing. Springer, 261–289. https://doi.org/10.1007/978-1-4757-6217-4_14
[11]
Erik Buchanan, Ryan Roemer, Hovav Shacham, and Stefan Savage. 2008. When Good Instructions Go Bad: Generalizing Return-oriented Programming to RISC. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS ’08). ACM, 27–38. isbn:978-1-59593-810-7 https://doi.org/10.1145/1455770.1455776
[12]
Canonical Ltd. 2021. Ubuntu Security Features. https://wiki.ubuntu.com/Security/Features
[13]
Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, and Marcel Winandy. 2010. Return-oriented Programming Without Returns. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS ’10). ACM, 559–572. isbn:978-1-4503-0245-6 https://doi.org/10.1145/1866307.1866370
[14]
Haogang Chen, Yandong Mao, Xi Wang, Dong Zhou, Nickolai Zeldovich, and M. Frans Kaashoek. 2011. Linux Kernel Vulnerabilities: State-of-the-Art Defenses and Open Problems. In Proceedings of the 2nd Asia-Pacific Workshop on Systems (APSys ’11). ACM, New York, NY, USA. Article 5, 5 pages. isbn:9781450311793 https://doi.org/10.1145/2103799.2103805
[15]
Shuo Chen, Jun Xu, Emre C. Sezer, Prachi Gauriar, and Ravishankar K. Iyer. 2005. Non-control-data Attacks Are Realistic Threats. In Proceedings of the 14th USENIX Security Symposium (SSYM ’05). USENIX Association, Berkeley, CA, USA. 177–191.
[16]
X. Chen, H. Bos, and C. Giuffrida. 2017. CodeArmor: Virtualizing the Code Space to Counter Disclosure Attacks. In 2017 IEEE European Symposium on Security and Privacy (EuroS&P). 514–529. https://doi.org/10.1109/EuroSP.2017.17
[17]
Yue Chen, Zhi Wang, David Whalley, and Long Lu. 2016. Remix: On-demand Live Randomization. In Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY ’16). ACM, 50–61. isbn:978-1-4503-3935-3 https://doi.org/10.1145/2857705.2857726
[18]
Andy Chou, Junfeng Yang, Benjamin Chelf, Seth Hallem, and Dawson Engler. 2001. An Empirical Study of Operating Systems Errors. SIGOPS Oper. Syst. Rev., 35, 5 (2001), Oct., 73–88. issn:0163-5980 https://doi.org/10.1145/502059.502042
[19]
John Criswell, Nathan Dautenhahn, and Vikram Adve. 2014. KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP ’14). IEEE Computer Society, Washington, DC, USA. 292–307. isbn:978-1-4799-4686-0 https://doi.org/10.1109/SP.2014.26
[20]
Charlie Curtsinger and Emery D. Berger. 2013. STABILIZER: Statistically Sound Performance Evaluation. In Proceedings of the 18th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS ’13). ACM, New York, NY, USA. 219–228. isbn:978-1-4503-1870-9 https://doi.org/10.1145/2451116.2451141
[21]
CVE. 2021. The number of vulnerabilities. https://cve.mitre.org
[22]
CVE Details. 2021. Linux Kernel Vulnerabilities. https://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/cvssscoremin-7/cvssscoremax-7.99/Linux-Linux-Kernel.html
[23]
CVE Details. 2021. MacOS X Security Vulnerabilities. https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-156/Apple-Mac-Os-X.html
[24]
CVE Details. 2021. Windows 10 Security Vulnerabilities. https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-32238/Microsoft-Windows-10.htmll
[25]
Lucas Davi, Ahmad-Reza Sadeghi, Daniel Lehmann, and Fabian Monrose. 2014. Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection. In Proceedings of the 23rd USENIX Security Symposium (Security ’14). 401–416.
[26]
Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, and Stelios Sidiroglou-Douskos. 2015. Control jujutsu: On the weaknesses of fine-grained control flow integrity. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 901–913. https://doi.org/10.1145/2810103.2813646
[27]
Ubuntu Foundation. 2017. Weekly Newsletter, 2017-06-15. https://lists.ubuntu.com/archives/ubuntu-devel/2017-June/039816.html
[28]
Keir Fraser. 2004. Practical lock-freedom. University of Cambridge, Computer Laboratory. http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-579.pdf
[29]
Mark Gallagher, Lauren Biernacki, Shibo Chen, Zelalem Birhanu Aweke, Salessawi Ferede Yitbarek, Misiker Tadesse Aga, Austin Harris, Zhixing Xu, Baris Kasikci, Valeria Bertacco, Sharad Malik, Mohit Tiwari, and Todd Austin. 2019. Morpheus: A Vulnerability-Tolerant Secure Architecture Based on Ensembles of Moving Target Defenses with Churn. In Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS ’19). ACM, New York, NY, USA. 469–484. isbn:9781450362405 https://doi.org/10.1145/3297858.3304037
[30]
Cristiano Giuffrida, Anton Kuijsten, and Andrew S. Tanenbaum. 2012. Enhanced Operating System Security Through Efficient and Fine-grained Address Space Randomization. In Proceedings of the 21st USENIX Security Symposium (Security ’12). USENIX Association, Berkeley, CA, USA. 475–490.
[31]
Michael Grace, Zhi Wang, Deepa Srinivasan, Jinku Li, Xuxian Jiang, Zhenkai Liang, and Siarhei Liakh. 2010. Transparent Protection of Commodity OS Kernels Using Hardware Virtualization. In SecureComm ’10. 162–180. https://doi.org/10.1007/978-3-642-16161-2_10
[32]
Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Clémentine Maurice, and Stefan Mangard. 2017. KASLR is Dead: Long Live KASLR. In Engineering Secure Software and Systems - 9th International Symposium, ESSoS 2017, Proceedings. 10379 LNCS, Springer-Verlag Italia, Italy. 161–176. isbn:9783319621043 https://doi.org/10.1007/978-3-319-62105-0_11
[33]
Kernel Hardening. 2019. PIE support for Linux. https://www.openwall.com/lists/kernel-hardening/2019/01/31/5
[34]
Thomas E. Hart, Paul E. McKenney, Angela Demke Brown, and Jonathan Walpole. 2007. Performance of memory reclamation for lockless synchronization. J. Parallel and Distrib. Comput., 67, 12 (2007), 1270 – 1285. issn:0743-7315 https://doi.org/10.1016/j.jpdc.2007.04.010 Best Paper Awards: 20th International Parallel and Distributed Processing Symposium (IPDPS 2006)
[35]
Jorrit N. Herder, Herbert Bos, Ben Gras, Philip Homburg, and Andrew S. Tanenbaum. 2006. Reorganizing UNIX for Reliability. In Proceedings of the 11th Asia-Pacific Conference on Advances in Computer Systems Architecture (ACSAC ’06). 81–94. isbn:3-540-40056-7, 978-3-540-40056-1 https://doi.org/10.1007/11859802_8
[36]
Jason Hiser, Anh Nguyen-Tuong, Michele Co, Matthew Hall, and Jack W. Davidson. 2012. ILR: Where’D My Gadgets Go? In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP ’12). IEEE Computer Society, Washington, DC, USA. 571–585. isbn:978-0-7695-4681-0 https://doi.org/10.1109/SP.2012.39
[37]
Lu H.J., Michael Matz, Milind Girkar, Jan Hubicka, Andreas Jaeger, and Mark Mitchell. 2018. System V Application Binary Interface AMD64 Architecture Processor Supplement Version 1.0. https://github.com/hjl-tools/x86-psABI/wiki/x86-64-psABI-1.0.pdf
[38]
IARPA. 2021. VirtUE (Virtuous User Environment). https://www.iarpa.gov/index.php/research-programs/virtue
[39]
Intel Corporation. 2021. Intel 64 and IA-32 architectures software developer’s manual. https://software.intel.com/en-us/articles/intel-sdm
[40]
Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2018. Spectre Attacks: Exploiting Speculative Execution. https://spectreattack.com/spectre.pdf
[41]
Jaehyuk Lee, Jinsoo Jang, Yeongjin Jang, Nohyun Kwak, Yeseul Choi, Changho Choi, Taesoo Kim, Marcus Peinado, and Brent Byunghoon Kang. 2017. Hacking in Darkness: Return-Oriented Programming against Secure Enclaves. In Proceedings of the 26th USENIX Conference on Security Symposium (SEC ’17). USENIX Association, USA. 523–539. isbn:9781931971409
[42]
J. Li, Z. Wang, T. Bletsch, D. Srinivasan, M. Grace, and X. Jiang. 2011. Comprehensive and Efficient Protection of Kernel Control Data. IEEE Transactions on Information Forensics and Security, 6, 4 (2011), Dec, 1404–1417. issn:1556-6013 https://doi.org/10.1109/TIFS.2011.2159712
[43]
Zhuohua Li, Jincheng Wang, Mingshen Sun, and John C.S. Lui. 2019. Securing the Device Drivers of Your Embedded Systems: Framework and Prototype. In Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES ’19). ACM, New York, NY, USA. Article 71, 10 pages. isbn:9781450371643 https://doi.org/10.1145/3339252.3340506
[44]
LWN.net. 2004. x86 NX support. https://lwn.net/Articles/87814/
[45]
LWN.net. 2013. Kernel address space layout randomization. https://lwn.net/Articles/569635/
[46]
LWN.net. 2014. "Strong" stack protection for GCC. https://lwn.net/Articles/584225/
[47]
Next Century. 2019. SAVIOR (Secure Applications in Virtual Instantiations of Roles). https://github.com/NextCenturyCorporation/VirtUE
[48]
Ruslan Nikolaev and Binoy Ravindran. 2019. Brief Announcement: Hyaline: Fast and Transparent Lock-Free Memory Reclamation. In Proceedings of the 2019 ACM Symposium on Principles of Distributed Computing (PODC ’19). ACM, New York, NY, USA. 419–421. isbn:9781450362177 https://doi.org/10.1145/3293611.3331575
[49]
Ruslan Nikolaev and Binoy Ravindran. 2021. Snapshot-Free, Transparent, and Robust Memory Reclamation for Lock-Free Data Structures. In Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation (PLDI ’21). ACM, New York, NY, USA. 987–1002. isbn:9781450383912 https://doi.org/10.1145/3453483.3454090
[50]
Nicolas Palix, Gaël Thomas, Suman Saha, Christophe Calvès, Julia Lawall, and Gilles Muller. 2011. Faults in Linux: Ten Years Later. SIGPLAN Not., 46, 3 (2011), March, 305–318. issn:0362-1340 https://doi.org/10.1145/1961296.1950401
[51]
PaX project. 2021. ASLR Design Document. https://pax.grsecurity.net/docs/aslr.txt
[52]
Marios Pomonis, Theofilos Petsios, Angelos D. Keromytis, Michalis Polychronakis, and Vasileios P. Kemerlis. 2017. kRḩar "005EX: Comprehensive Kernel Protection against Just-In-Time Code Reuse. In Proceedings of the 12th European Conference on Computer Systems (EuroSys ’17). ACM, New York, NY, USA. 420–436. isbn:9781450349383 https://doi.org/10.1145/3064176.3064216
[53]
Aravind Prakash and Heng Yin. 2015. Defeating ROP Through Denial of Stack Pivot. In Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC 2015). ACM, New York, NY, USA. 111–120. isbn:978-1-4503-3682-6 https://doi.org/10.1145/2818000.2818023
[54]
Ryan Riley, Xuxian Jiang, and Dongyan Xu. 2008. Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing. In Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection (RAID ’08). Springer-Verlag, 1–20. isbn:978-3-540-87402-7 https://doi.org/10.1007/978-3-540-87403-4_1
[55]
Ryan Roemer, Erik Buchanan, Hovav Shacham, and Stefan Savage. 2012. Return-Oriented Programming: Systems, Languages, and Applications. ACM Trans. Inf. Syst. Secur., 15, 1 (2012), Article 2, March, 34 pages. issn:1094-9224 https://doi.org/10.1145/2133375.2133377
[56]
Giampaolo Fresi Roglia, Lorenzo Martignoni, Roberto Paleari, and Danilo Bruschi. 2009. Surgically Returning to Randomized Lib(C). In Proceedings of the 2009 Annual Computer Security Applications Conference (ACSAC ’09). IEEE Computer Society, Washington, DC, USA. 60–69. isbn:978-0-7695-3919-5 https://doi.org/10.1109/ACSAC.2009.16
[57]
ROPgadget project. 2021. ROPgadget Tool. https://github.com/JonathanSalwan/ROPgadget
[58]
Joanna Rutkowska and Rafal Wojtczuk. 2010. Qubes OS architecture. Invisible Things Lab Tech Rep. https://www.qubes-os.org/attachment/doc/arch-spec-0.3.pdf
[59]
Sascha Schirra. 2021. Ropper. https://github.com/sashs/Ropper
[60]
Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. 2011. Q: Exploit Hardening Made Easy. In Proceedings of the 20th USENIX Security Symposium (SEC ’11). USENIX Association, Berkeley, CA, USA. 1–16.
[61]
Hovav Shacham. 2007. The Geometry of Innocent Flesh on the Bone: Return-into-libc Without Function Calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS ’07). ACM, New York, NY, USA. 552–561. isbn:978-1-59593-703-2 https://doi.org/10.1145/1315245.1315313
[62]
Kevin Z. Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2013. Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization. In Proceedings of the 2013 IEEE Symposium on Security and Privacy (SP ’13). IEEE Computer Society, Washington, DC, USA. 574–588. isbn:978-0-7695-4977-4 https://doi.org/10.1109/SP.2013.45
[63]
Richard M. Stallman and the GCC Developer Community. 1988-2018. GNU Compiler Collection Internals. Free Software Foundation, Inc., 665–672.
[64]
Michael M. Swift, Muthukaruppan Annamalai, Brian N. Bershad, and Henry M. Levy. 2006. Recovering Device Drivers. ACM Trans. Comput. Syst., 24, 4 (2006), Nov., 333–360. issn:0734-2071 https://doi.org/10.1145/1189256.1189257
[65]
SysBench. 2021. A System Performance Benchmark. http://sysbench.sourceforge.net/
[66]
Paul Turner. 2018. Retpoline: a software construct for preventing branch-target-injection. https://support.google.com/faqs/answer/7625886
[67]
Zhi Wang, Xuxian Jiang, Weidong Cui, and Peng Ning. 2009. Countering Kernel Rootkits with Lightweight Hook Protection. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS ’09). ACM, 545–554. isbn:978-1-60558-894-0 https://doi.org/10.1145/1653662.1653728
[68]
Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, and Zhiqiang Lin. 2012. Binary Stirring: Self-randomizing Instruction Addresses of Legacy x86 Binary Code. In Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS ’12). ACM, New York, NY, USA. 157–168. isbn:978-1-4503-1651-4 https://doi.org/10.1145/2382196.2382216
[69]
David Williams-King, Graham Gobieski, Kent Williams-King, James P. Blake, Xinhao Yuan, Patrick Colp, Michelle Zheng, Vasileios P. Kemerlis, Junfeng Yang, and William Aiello. 2016. Shuffler: Fast and Deployable Continuous Code Re-randomization. In Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (OSDI ’16). USENIX Association, Berkeley, CA, USA. 367–382. isbn:978-1-931971-33-1
[70]
David Williams-King, Hidenori Kobayashi, Kent Williams-King, Graham Patterson, Frank Spano, Yu Jian Wu, Junfeng Yang, and Vasileios P. Kemerlis. 2020. Egalito: Layout-Agnostic Binary Recompilation. In Proceedings of the 25th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS ’20). ACM, New York, NY, USA. 133–147. isbn:9781450371025 https://doi.org/10.1145/3373376.3378470
[71]
Xen Project. 2021. PCI Passthrough. https://wiki.xenproject.org/wiki/Xen_PCI_Passthrough
[72]
J. Xu, Z. Kalbarczyk, and R. K. Iyer. 2003. Transparent runtime randomization for security. In Proceedings of the 22nd International Symposium on Reliable Distributed Systems. 260–269. issn:1060-9857 https://doi.org/10.1109/RELDIS.2003.1238076

Cited By

View all
  • (2024)Chaos: Function Granularity Runtime Address Layout Space Randomization for Kernel ModuleProceedings of the 15th ACM SIGOPS Asia-Pacific Workshop on Systems10.1145/3678015.3680476(23-30)Online publication date: 4-Sep-2024
  • (2024)Isolate and Detect the Untrusted Driver with a Virtual BoxProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670269(4584-4597)Online publication date: 2-Dec-2024
  • (2024)Randomize the Running Function When It Is DisclosedIEEE Transactions on Computers10.1109/TC.2024.337177673:6(1516-1530)Online publication date: Jun-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
ASPLOS '22: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
February 2022
1164 pages
ISBN:9781450392051
DOI:10.1145/3503222
Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Sponsors

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 February 2022

Permissions

Request permissions for this article.

Check for updates

Badges

Author Tags

  1. address space layout randomization (ASLR)
  2. operating system
  3. position-independent code (PIC)
  4. return-oriented programming (ROP)

Qualifiers

  • Research-article

Funding Sources

Conference

ASPLOS '22

Acceptance Rates

Overall Acceptance Rate 535 of 2,713 submissions, 20%

Upcoming Conference

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)441
  • Downloads (Last 6 weeks)63
Reflects downloads up to 25 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Chaos: Function Granularity Runtime Address Layout Space Randomization for Kernel ModuleProceedings of the 15th ACM SIGOPS Asia-Pacific Workshop on Systems10.1145/3678015.3680476(23-30)Online publication date: 4-Sep-2024
  • (2024)Isolate and Detect the Untrusted Driver with a Virtual BoxProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670269(4584-4597)Online publication date: 2-Dec-2024
  • (2024)Randomize the Running Function When It Is DisclosedIEEE Transactions on Computers10.1109/TC.2024.337177673:6(1516-1530)Online publication date: Jun-2024
  • (2024)Securing SoC Processors by Routing Memory Transactions Through FPGA FabricMILCOM 2024 - 2024 IEEE Military Communications Conference (MILCOM)10.1109/MILCOM61039.2024.10773818(392-398)Online publication date: 28-Oct-2024
  • (2024)Reboot-Based Recovery of Unikernels at the Component Level2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN58291.2024.00017(15-28)Online publication date: 24-Jun-2024
  • (2024)Mitigation of privilege escalation attack using kernel data relocation mechanismInternational Journal of Information Security10.1007/s10207-024-00890-423:5(3351-3367)Online publication date: 1-Oct-2024
  • (2023)Software Mitigation of RISC-V Spectre AttacksInnovative Security Solutions for Information Technology and Communications10.1007/978-3-031-52947-4_5(51-64)Online publication date: 23-Nov-2023
  • (2023)KDRM: Kernel Data Relocation Mechanism to Mitigate Privilege Escalation AttackNetwork and System Security10.1007/978-3-031-39828-5_4(61-76)Online publication date: 14-Aug-2023
  • (2022)An In-Depth Survey of Bypassing Buffer Overflow Mitigation TechniquesApplied Sciences10.3390/app1213670212:13(6702)Online publication date: 1-Jul-2022
  • (2022)KiteProceedings of the Seventeenth European Conference on Computer Systems10.1145/3492321.3519586(384-401)Online publication date: 28-Mar-2022

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media