TY - GEN
T1 - A lightweight detection and recovery infrastructure of kernel objects for embedded systems
AU - Sun, Lei
AU - Nakajima, Tatsuo
PY - 2008/12/1
Y1 - 2008/12/1
N2 - The kernel objects consist of critical kernel data structures and system call functions, which are the most important data for a system, should be protected as first-class candidates. In this paper, a lightweight system-level detection and recovery infrastructure is presented for embedded systems. Inside the infrastructure, specific runtime protections have been implemented for different kernel objects, kernel data structures are protected by the periodic detection and recovery, the interception of arguments is used to protect vulnerable system calls. At runtime once any system inconsistency has been detected, predefined recovery actions will be invoked. The consistency detection regulations and corresponding recovery actions can also be flexibly customized by system developers. The infrastructure requires few modifications to kernel source code, thus it is easy to integrate into existing embedded systems. The evaluation experiment results indicate our prototype system can correctly detect the inconsistent kernel data structures caused by security attacks and also prevent kernel from exploits due to vulnerable system calls with acceptable penalty to system performance. Moreover, it is fully software-based without introducing any specific hardware and requires no modifications to system call APIs, therefore legacy commercial-off-the-shelf (COTS) applications can be also easily reused.
AB - The kernel objects consist of critical kernel data structures and system call functions, which are the most important data for a system, should be protected as first-class candidates. In this paper, a lightweight system-level detection and recovery infrastructure is presented for embedded systems. Inside the infrastructure, specific runtime protections have been implemented for different kernel objects, kernel data structures are protected by the periodic detection and recovery, the interception of arguments is used to protect vulnerable system calls. At runtime once any system inconsistency has been detected, predefined recovery actions will be invoked. The consistency detection regulations and corresponding recovery actions can also be flexibly customized by system developers. The infrastructure requires few modifications to kernel source code, thus it is easy to integrate into existing embedded systems. The evaluation experiment results indicate our prototype system can correctly detect the inconsistent kernel data structures caused by security attacks and also prevent kernel from exploits due to vulnerable system calls with acceptable penalty to system performance. Moreover, it is fully software-based without introducing any specific hardware and requires no modifications to system call APIs, therefore legacy commercial-off-the-shelf (COTS) applications can be also easily reused.
UR - http://www.scopus.com/inward/record.url?scp=63149123016&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=63149123016&partnerID=8YFLogxK
U2 - 10.1109/EUC.2008.78
DO - 10.1109/EUC.2008.78
M3 - Conference contribution
AN - SCOPUS:63149123016
SN - 9780769534923
T3 - Proceedings of The 5th International Conference on Embedded and Ubiquitous Computing, EUC 2008
SP - 136
EP - 143
BT - Proceedings of The 5th International Conference on Embedded and Ubiquitous Computing, EUC 2008
T2 - 5th International Conference on Embedded and Ubiquitous Computing, EUC 2008
Y2 - 17 December 2008 through 20 December 2008
ER -