rebootless security patches for the linux kernel
play

Rebootless Security Patches for the Linux Kernel Caglar nver - PowerPoint PPT Presentation

Feb 09, 2023 •238 likes •574 views

Rebootless Security Patches for the Linux Kernel Caglar nver 30.05.2014 Motivation Motivation Why do we care about updates on the fly Why do we care about updates on the fly More than 90% of the attacks exploit known security

  1. Rebootless Security Patches for the Linux Kernel Caglar Ünver 30.05.2014

  2. Motivation Motivation Why do we care about updates on the fly Why do we care about updates on the fly More than 90% of the attacks exploit known security vulnerabilities ● Important bugfixes and security updates roughly every month ● Delaying the updates: a great security risk ● Reboots: Service outage, administrator supervision needed (sysadmins working on ● weekends) Challenges Challenges Commodity kernels do not have well defined boundaries between their modules ● and components Some modules are always busy ● 2

  3. Outline Outline 1. Classification of Kernel Updates Updating Code Only ● Updating Code and Existing Data ● 2. DynAMOS - The Basic Approach Quiescence Detection ● Binary Rewriting ● Redirection Table ● 3. LUCOS - Using Virtualization for Live Updates State Transfer ● 4. Ksplice - Hot Updates at Object Code Level Pre-post Differencing and Run-pre Matching ● 3 5. Conclusion and Discussion

  4. 1. Classification of Kernel Updates 1. Classification of Kernel Updates Updating Code Only Updating Code Only ● Updating Code and Existing Data Updating Code and Existing Data ● 2. DynAMOS - The Basic Approach Quiescence Detection ● Binary Rewriting ● Redirection Table ● 3. LUCOS - Using Virtualization for Live Updates State Transfer ● 4. Ksplice - Hot Updates at Object Code Level Pre-post Differencing and Run-pre Matching ● 5. Conclusion and Discussion 4

  5. Classification of Kernel Updates (1) Classification of Kernel Updates (1) Updates that modify the code only Updates that modify the code only ● Keeps the existing data structures unchanged ● May introduce new data structures, global variables ● Easy to patch, if there are no semantic changes 5

  6. Classification of Kernel Updates (2) Classification of Kernel Updates (2) Updates that modify the code and existing Updates that modify the code and existing data data ● Existing data structures will be changed ● State transfer from the old to the new data needed ● What if the semantic of the patched code is changed? 6

  7. Classification of Kernel Updates (3) Classification of Kernel Updates (3) Changing the semantic of the code void foo() void foo() { { ... ... do do { { ... ... unlock(semaphore); lock(semaphore); ... ... lock(semaphore); unlock(semaphore); ... ... } while(someVar) } while(someVar) return; return; } } 7

  8. 1. Classification of Kernel Updates Updating Code Only ● Updating Code and Existing Data ● 2. DynAMOS - The Basic Approach 2. DynAMOS - The Basic Approach Quiescence Detection Quiescence Detection ● Binary Rewriting Binary Rewriting ● Redirection Table Redirection Table ● 3. LUCOS - Using Virtualization for Live Updates State Transfer ● 4. Ksplice - Hot Updates at Object Code Level Pre-post Differencing and Run-pre Matching ● 5. Conclusion and Discussion 8

  9. DynAMOS (1) DynAMOS (1) Quiescence Quiescence ● If no parts of the resource are in use, either by sleeping processes or partially-completed transactions ● No function can be idle on the stack. ● Updating modules in quiescence state is easier ● Some processes never reach quiescence state (e.g. Process scheduler) 9

  10. DynAMOS (2) DynAMOS (2) Quiescence Detection Quiescence Detection ● Function Usage Counters (but not sufficient e.g. do_exit) ● Stack-walkthrough Method (Has side effects) 10

  11. DynAMOS (3) DynAMOS (3) Binary Rewriting Binary Rewriting ● Adds jump instruction at the top Jump Jump Virt. Addr of the function First 5 or 6 Bytes ● Make sure that no thread context or interrupt context is executing in the first 5 or 6 bytes of the function Function_V1 Function_V2 11

  12. DynAMOS (4) DynAMOS (4) State Tansfer is needed: State Tansfer is needed: ● Existing data structures changed ● Semantic of the function changed ● Updated unit not in quiescence state 12

  13. 1. Classification of Kernel Updates Updating Code Only ● Updating Code and Existing Data ● 2. DynAMOS - The Basic Approach Quiescence Detection ● Binary Rewriting ● Redirection Table ● 3. LUCOS - Using Virtualization for Live Updates 3. LUCOS - Using Virtualization for Live Updates State Transfer State Transfer ● 4. Ksplice - Hot Updates at Object Code Level Pre-post Differencing and Run-pre Matching ● 5. Conclusion and Discussion 13

  14. LUCOS (1) LUCOS (1) ● Virtual Machine Monitor(VMM) controls system resources ● VMM intercepts and emulates memory and I/O VMExit VMExit accesses 14

  15. LUCOS (2) LUCOS (2) ● Quiescence state is not a prerequisite Quiescence state is not a prerequisite ● Manual patch creation ● Patch files: Code + data structures as loadable kernel modules 15

  16. LUCOS (3) LUCOS (3) Update Manager loads VM ● kernel modules for the patched function(s) and Data1 V1 data structure(s) Function1 V1 Data1 V2 Function1 V2 Code Data VMM Update Server 16

  17. LUCOS (4) LUCOS (4) Update Manager iterates all ● VM kernel threads and makes sure that none of them is executing in the first 5 Data1 V1 bytes of the function Function1 V1 Update Manager inspects ● Data1 V2 kernel call stacks for Function1 V2 counting threads executing in the patch code Control is passed to Update ● Server via hypercall Apply Apply Code Data the patch the patch (Hypercall) (Hypercall) Update Server applies ● binary rewriting for inserting jump and for replacing return address of the VMM Update Server function 17

  18. LUCOS (5) LUCOS (5) Memory virtualization VM ● techniques provided by x86 (1) Write (1) Write architecture – Shadow Access Access Data1 V1 paging & NPT/EPT Function1 V1 Update Server resumes the ● Data1 V2 VM Function1 V2 Old function accesses to ● old data Code Data VMM Update Server 18

  19. LUCOS (6) LUCOS (6) Memory access intercepted VM ● Update Server checks if (1) Write (1) Write ● Access Access VM is accessing to either Data1 V1 versions of the data Function1 V1 Data1 V2 Function1 V2 (2) (2) VMExit VMExit Code Data VMM Update Server 19

  20. LUCOS (7) LUCOS (7) Update Server invokes VM ● state transfer function to (1) Write (1) Write maintain data consistency Access Access Data1 V1 Function1 V1 Data1 V2 Function1 V2 (2) (2) VMExit VMExit (3) State (3) State Transfer Transfer Code Data VMM Update Server 20

  21. LUCOS (8) LUCOS (8) Usage information of the VM ● old function and data is updated via callbacks Data1 V1 Callbacks are invoked in Function Function ● Function1 returns. returns. V1 the context of VMM Invoke Invoke callback callback Data1 V2 (Hypercall) (Hypercall) Function1 Update Server terminates V2 ● the patch when the old function and data is not in use Terminate Terminate Code the patch the patch Data (Hypercall) (Hypercall) VMM Update Server 21

  22. 1. Classification of Kernel Updates Updating Code Only ● Updating Code and Existing Data ● 2. DynAMOS - The Basic Approach Quiescence Detection ● Binary Rewriting ● Redirection Table ● 3. LUCOS - Using Virtualization for Live Updates State Transfer ● 4. Ksplice - Hot Updates at Object Code Level 4. Ksplice - Hot Updates at Object Code Level Pre-post Differencing and Run-pre Matching Pre-post Differencing and Run-pre Matching ● 5. Conclusion and Discussion 22

  23. Ksplice (1) Ksplice (1) ● Ksplice Inc. :Created by four MIT students based on a master's thesis ● Provides prebuilt and tested updates for the Red Hat, CentOS, Debian, Ubuntu and Fedora Linux distributions ● Acquired by Oracle on 21 July 2011 ● Used by over 700 customers running more than 100,000 production systems at that time 23

  24. Ksplice (2) Ksplice (2) ● Creating patches manually: quite complex and error prone ● Automatic patch creation ● Analysis at the Executable and Linkable Format (ELF) object code layer Doesn't matter if it's C or Assembly code ➢ Inlined functions detected ➢ ● Most of the Linux security patches do not make semantical changes to data structures 24

  25. Ksplice (3) Ksplice (3) ● Input: Original source ( pre source ) of the running kernel (buggy). ➢ The code in the running kernel ( run code ) (buggy). ➢ Source of the patched kernel ( post source ). ➢ ● Preparation Compile the pre source and post source using -ffunction- ➢ sections and -fdata-sections compiler options (gcc) Pre and post object files created ➢ 25

  26. Ksplice (4) Ksplice (4) Pre-post Differencing and Run-pre Matching Pre-post Differencing and Run-pre Matching Steps: Steps: ● Compare the pre and post object files ● Detect and replace kernel functions that have been changed ● Calculate symbols ● Detect quiescence state ● Patch 26

  27. Ksplice (5) pre-post differencing Ksplice (5) pre-post differencing Primary module has ● Post object Pre object files Diff Diff files unresolved symbols Extract Extract Extract Extract diff diff diff diff Pre code Post code optimization functions unit that that differed differed Link with generic Link with generic Kernel module Kernel module Primary module 27

Recommend

SPINFER: Inferring Semantic Patches for the Linux Kernel Lucas Serrano , Van-Anh Nguyen , Ferdian

SPINFER: Inferring Semantic Patches for the Linux Kernel Lucas Serrano , Van-Anh Nguyen , Ferdian

SPINFER: Inferring Semantic Patches for the Linux Kernel Lucas Serrano , Van-Anh Nguyen , Ferdian Thung Lingxiao Jiang , David Lo , Julia Lawall , Gilles Muller 1 Maintenance of the Linux kernel Maintenance tasks are very common in all software

937 views • 51 slides
1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel

1 Theres a kernel security researcher named Dan Rosenberg whose done a lot of linux kernel vulnerability research Thats unavoidable, but the linux kernel developers dont do very much to make the situation any better. -- Basically, the

625 views • 36 slides
Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux

Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux

Linux Kernel Security & Hardening Thomas Lamprecht January 17, 2019 Introduction The Linux Kernel Widespread Deployed on: powerful (high performance compute clusters) sensitive (bank, gov. systems, ..) safety critical

995 views • 29 slides
Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many

Debugging the Linux Kernel with GDB Kieran Bingham Debugging the Linux Kernel with GDB Many of us need to debug the Linux kernel Proprietary tools like Trace32 and DS-5 are $$$ Open source debuggers like GDB lack kernel

884 views • 40 slides
Linux Driver for APIC Authors: Berkley Shands, John DeHart, Rezwani Kabir Linux Kernel

Linux Driver for APIC Authors: Berkley Shands, John DeHart, Rezwani Kabir Linux Kernel

Linux Driver for APIC Authors: Berkley Shands, John DeHart, Rezwani Kabir Linux Kernel versions 2.2.X (user mode only) 2.3.99-pre6 (stable) 2.4.0-test1 (intel/alpha with patches) 2.4.0-test2 (intel only) Linux Driver

74 views • 4 slides
Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees

Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees

Linux Kernel Self Protection Project Linux Security Summit, Los Angeles September 14, 2017 Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2017/lss/kspp.pdf Agenda Background Security in the context of

652 views • 52 slides
Using Static Checking To Find Security Vulnerabilities In The Linux Kernel Linuxcon Europe 2016

Using Static Checking To Find Security Vulnerabilities In The Linux Kernel Linuxcon Europe 2016

Using Static Checking To Find Security Vulnerabilities In The Linux Kernel Linuxcon Europe 2016 Vaishali Thakkar (vaishali.thakkar@oracle.com) 1 Self Introduction Linux Kernel developer at Oracle Working in kernel security engineering group

659 views • 46 slides
Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James Morris

Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James Morris

Linux Kernel Security Update LinuxCon Europe Berlin, 2016 James Morris james.l.morris@oracle.com Introduction Who am I? Kernel security subsystem maintainer Started kernel development w/ FreeS/WAN in 1999 which led to Netfilter,

798 views • 48 slides
Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module

Intro to Linux Kernel Programming Don Porter Lab 4 You will write a Linux kernel module Linux is written in C, but does not include all standard libraries And some other idiosyncrasies This lecture will give you a crash

1.35k views • 22 slides
Secure Enhanced Linux Julian Richen SELinux? Started as a research project from the National

Secure Enhanced Linux Julian Richen SELinux? Started as a research project from the National

Secure Enhanced Linux Julian Richen SELinux? Started as a research project from the National Security Agency (NSA) A set of patches using the Linux Security Modules (LSM) Hardening GNU/Linux systems with extra security policies and

349 views • 15 slides
The State of Kernel Self Protection Linux Security Summit NA August 27, 2018 Vancouver, Canada

The State of Kernel Self Protection Linux Security Summit NA August 27, 2018 Vancouver, Canada

The State of Kernel Self Protection Linux Security Summit NA August 27, 2018 Vancouver, Canada Kees (Case) Cook keescook@chromium.org @kees_cook https://outflux.net/slides/2018/lss/kspp.pdf Kernel Self Protection Project

431 views • 15 slides
Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type

Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type

Security Enhanced Linux Thanks to David Quigley History SELinux Timeline 1985: LOCK (early Type Enforcement) 1990: DTMach / DTOS 1995: Utah Fluke / Flask 1999: 2.2 Linux Kernel (patch) 2000: 2001: 2.4 Linux Kernel (patch) 2002: LSM 2003:

764 views • 43 slides
Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security

Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security

Tizen, Security and The Internet of Things Casey Schaufler 1 Casey Schaufler Security Dinosaur Smack Linux Security Module Manager Tizen and Linux Kernel Security 2 Tizen Linux based operating system Project of the Linux

486 views • 23 slides
Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for

Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for

Hacking on Xen in the Linux Kernel Lisa Nguyen, Linux Kernel Intern FOSS Outreach Program for Women LinuxCon North America 2013 Agenda Introduction What Got Me Interested in OPW Project Overview Xen Block Ring Protocol

922 views • 13 slides
Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules

Introduction to Linux Kernel Modules Luca Abeni luca.abeni@santannapisa.it Linux Kernel Modules Kernel module: code that can be dynamically loaded/unloaded into the kernel at runtime Change the kernel code without needing to reboot

545 views • 13 slides
Status of the Kernel Self Protection Project Linux Security Summit 2016 Aug 25-26, Toronto Kees

Status of the Kernel Self Protection Project Linux Security Summit 2016 Aug 25-26, Toronto Kees

Status of the Kernel Self Protection Project Linux Security Summit 2016 Aug 25-26, Toronto Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2016/lss/kspp.pdf Agenda Background Security in the context of this

464 views • 42 slides
GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The GNU userland consists of libc, the init system (SystemD) X11 GUI toolkits etc. Ask the audience Who has used

442 views • 22 slides
Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case)

Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case)

Linux Kernel Self Protection Project Kernel Recipes, Paris September 28, 2017 Kees (Case) Cook keescook@chromium.org https://outflux.net/slides/2017/kr/kspp.pdf Agenda Background Security in the context of this presentation

800 views • 59 slides
. Kernel The Variability Model of the Linux Extra Conclusions Linux Study Introduction .

. Kernel The Variability Model of the Linux Extra Conclusions Linux Study Introduction .

. Krzysztof Czarnecki, Andrzej Wsowski The Variability Model of the Linux Kernel . . January 26, 2010 IT University of Copenhagen University of Leipzig University of Waterloo Steven She, Rafael Lotufo, Thorsten Berger, . Kernel The

928 views • 39 slides
LBM: A Security Framework for Peripherals within the Linux Kernel Dave (Jing) Tian*^, Grant

LBM: A Security Framework for Peripherals within the Linux Kernel Dave (Jing) Tian*^, Grant

LBM: A Security Framework for Peripherals within the Linux Kernel Dave (Jing) Tian*^, Grant Hernandez*, Joseph Choi*, Vanessa Frost*, Peter Johnson**, and Kevin Butler* *University of Florida, Gainesville, FL ^Purdue University, West Lafayette,

560 views • 38 slides
Exploiting COF Vulnerabilities in the Linux kernel Vitaly Nikolenko @vnik5287 Ruxcon - 2016

Exploiting COF Vulnerabilities in the Linux kernel Vitaly Nikolenko @vnik5287 Ruxcon - 2016

Exploiting COF Vulnerabilities in the Linux kernel Vitaly Nikolenko @vnik5287 Ruxcon - 2016 Who am I? Security researcher @ SpiderLabs Exploit dev / bug hunting / reverse engineering Agenda 1. Counter overflows in the kernel

1.02k views • 70 slides
Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

3/1/20 COMP 790: OS Implementation COMP 790: OS Implementation Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture Linux Kernel Synchronization System Calls Synchronization in Kernel the kernel RCU File

647 views • 8 slides
Kernel lock-down series http://outflux.net/slides/2014/lss/lockdown.pdf Linux Security Summit,

Kernel lock-down series http://outflux.net/slides/2014/lss/lockdown.pdf Linux Security Summit,

Kernel lock-down series http://outflux.net/slides/2014/lss/lockdown.pdf Linux Security Summit, Chicago 2014 Kees Cook <keescook@chromium.org> (pronounced Case) Overview What and why Objections/Rebuttals Name

522 views • 6 slides
Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables

Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables

Linux System Security Tunables Linux System Security Tunables Linux System Security Tunables http://outflux.net/slides/2013/drupal/tunables.pdf R0Ng DrupalCon Portland 2013 Kees Cook <keescook@google.com> (pronounced Case) Who is

474 views • 33 slides

More recommend