xxx tolerating malicious drivers in linux
play

XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and - PowerPoint PPT Presentation

Sep 30, 2023 •663 likes •1.63k views

XXX Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory, ... Drivers are complex;

  1. XXX

  2. Tolerating Malicious Drivers in Linux Silas Boyd-Wickizer and Nickolai Zeldovich

  3. How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory, ... Drivers are complex; developers write buggy code Result: Attackers exploit vulnerabilities

  4. How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory, ... Drivers are complex; developers write buggy code Result: Attackers exploit vulnerabilities

  5. How could a device driver be malicious? Today's device drivers are highly privileged Write kernel memory, allocate memory, ... Drivers are complex; developers write buggy code Result: Attackers exploit vulnerabilities

  6. Current approach User-space drivers in µ kernels (Minix, L4, ...) Write device driver in new language (Termite) Handle common faults (Nooks, microdrivers, ...)

  7. Goal Secure, efficient, & unmodified drivers on Linux

  8. Previous user-space drivers µ kernel User User User Ethernet Network Application driver stack Hardware Kernel Kernel core

  9. Previous user-space drivers µ kernel Confine driver in a process User User User Ethernet Network Application driver stack Hardware Kernel Kernel core

  10. Previous user-space drivers µ kernel Confine driver in a process User User User Ethernet Network Application driver stack Hardware Kernel General purpose syscall API to configure device Kernel core

  11. Previous user-space drivers µ kernel Confine driver in a process User User User Ethernet Network Application driver stack Hardware Kernel General purpose syscall API to configure device Kernel core Confine device with IO virtualization HW.

  12. Previous user-space drivers IPC network driver API µ kernel E.g. tx_packet Confine driver in a process User User User Ethernet Network Application driver stack Hardware Kernel General purpose syscall API to configure device Kernel core Confine device with IO virtualization HW.

  13. Current Linux driver architecture User Application Hardware Kernel Ethernet Network driver stack Kernel RT netdevice

  14. Current Linux driver architecture User Application Kernel runtime (e.g. kmalloc ) Hardware Kernel Ethernet Network driver stack Kernel RT netdevice

  15. Current Linux driver architecture User Network driver API (e.g. tx_packet ) Application Kernel runtime (e.g. kmalloc ) Hardware Kernel Ethernet Network driver stack Kernel RT netdevice

  16. Linux user-space driver problem Kernel RT and driver APIs won't work for untrusted drivers in a different AS Ethernet User User driver Application Hardware Kernel Network stack Kernel RT netdevice

  17. SUD's approach Ethernet User User driver Application Hardware Kernel Network stack Kernel RT netdevice

  18. SUD's approach SUD UML handles calls to kernel RT Ethernet User User driver Application Hardware SUD UML Kernel Network stack Kernel RT netdevice

  19. SUD's approach SUD UML handles calls to kernel RT Proxy driver and SUD UML allow reuse of existing driver APIs Ethernet User User driver Application Hardware SUD UML Kernel Ethernet Network proxy driver stack Kernel RT netdevice

  20. SUD's approach SUD UML handles calls to kernel RT Proxy driver and SUD UML allow reuse of existing driver APIs Ethernet User User driver Application Hardware SUD UML Network driver API Kernel Ethernet Network proxy driver stack Kernel RT netdevice

  21. SUD's approach SUD UML handles calls to kernel RT Proxy driver and SUD UML allow reuse of existing driver APIs Ethernet User User driver Application Hardware SUD UML SUD RPC API Network driver API Kernel Ethernet Network proxy driver stack Kernel RT netdevice

  22. SUD's approach SUD UML handles calls to kernel RT Proxy driver and SUD UML allow reuse of existing driver APIs Network driver API Ethernet User User driver Application Hardware SUD UML SUD RPC API Network driver API Kernel Ethernet Network proxy driver stack Kernel RT netdevice

  23. SUD's results Tolerate malicious device drivers Proxy drivers small (~500 LOC) One proxy driver per device class Few kernel modifications (~50 LOC) Unmodified drivers (6 test drivers) High performance, low overhead No need for new OS or language

  24. Security challenge: prevent attacks Problem: driver must perform privileged operations Memory access, driver API, DMA, interrupts, … Attacks from driver code: Direct system attacks: memory corruption, ... Driver API attacks: invalid return value, deadlock, ... Attacks from device: DMA to DRAM, peer-to-peer attacks, interrupt storms

  25. Practical challenges High performance, low overhead Challenge: interact with hardware and kernel at high rate, kernel-user switch expensive E.g. Ethernet driver ~100k times a second Reuse existing drivers and kernel Challenge: drivers assume fully-privileged kernel env. Challenge: kernel driver API complex, non-uniform

  26. SUD overview Hardware User User Driver Application SUD UML Kernel HW access Proxy driver Kernel core module

  27. SUD overview Hardware User User Driver Application SUD UML Kernel HW access Proxy driver Kernel core module

  28. Linux driver APIs Linux defines a driver API for each device class Driver and kernel functions and variables

  29. Example: wireless driver API Linux defines a driver API for each device class Driver and kernel functions and variables struct wireless_ops { int (*tx)(struct sk_buff*); int (*configure_filter)(int); ... }; struct wireless_hw { int conf; int flags .... };

  30. Example: wireless driver API Linux defines a driver API for each device class Driver and kernel functions and variables struct wireless_ops { int (*tx)(struct sk_buff*); int (*configure_filter)(int); ... }; struct wireless_hw { int conf; int flags .... }; Proxy drivers and SUD-UML convert API to RPCs

  31. Example: wireless driver API Linux defines a driver API for each device class Driver and kernel functions and variables struct wireless_ops { int (*tx)(struct sk_buff*); int (*configure_filter)(int); ... }; struct wireless_hw { int conf; int flags .... }; Proxy drivers and SUD-UML convert API to RPCs

  32. Example: wireless driver API Linux defines a driver API for each device class Driver and kernel functions and variables Called in a non- struct wireless_ops { preemptable context int (*tx)(struct sk_buff*); int (*configure_filter)(int); ... }; struct wireless_hw { int conf; int flags .... }; Proxy drivers and SUD-UML convert API to RPCs

  33. Example: wireless driver API Linux defines a driver API for each device class Driver and kernel functions and variables Called in a non- struct wireless_ops { preemptable context int (*tx)(struct sk_buff*); int (*configure_filter)(int); ... Driver API variable }; struct wireless_hw { int conf; int flags .... }; Proxy drivers and SUD-UML convert API to RPCs

  34. Wireless driver in SUD Basic driver API → SUD RPC API→ driver API Non-preemptable function: implement in proxy Driver API variable: shadow variables

  35. Example 1: transmit a packet User User Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  36. Example 1: transmit a packet User User Socket write Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  37. Example 1: transmit a packet User User Wireless Web driver browser SUD UML Hardware wireless_ops.tx Kernel Wireless Wireless proxy driver core

  38. Example 1: transmit a packet User User TX packet RPC Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  39. Example 1: transmit a packet wireless_ops.tx User User Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  40. Example 1: transmit a packet DMA TX User User Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  41. Example 2: non-preemptable callback Problem: unable to switch to user-space User User Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  42. Example 2: non-preemptable callback Problem: unable to switch to user-space User User Wireless Web driver browser Acquires a SUD UML Hardware spin lock Kernel Wireless Wireless proxy driver core

  43. Example 2: non-preemptable callback Problem: unable to switch to user-space User User Wireless Web driver browser SUD UML Hardware wireless_ops.configure_filter Kernel Wireless Wireless proxy driver core

  44. Example 2: non-preemptable callback Problem: unable to switch to user-space User User Filter RPC Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  45. Example 2: non-preemptable callback Problem: unable to switch to user-space User User Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

  46. Example 2: non-preemptable callback Problem: unable to switch to user-space Solution: implement directly in proxy driver User User Wireless Web driver browser SUD UML Hardware Kernel Wireless Wireless proxy driver core

Recommend

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M.

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M.

Tolerating Hardware Device Failures in Software Asim Kadav, Matthew J. Renzelmann, Michael M. Swift University of Wisconsin-Madison Current state of OS-hardware interaction Many device drivers assume device perfection Common Linux

779 views • 45 slides
Linux Device Drivers Linux Device Drivers Kernel 2.6 1. Introduction Dr. Wolfgang Koch 2.

Linux Device Drivers Linux Device Drivers Kernel 2.6 1. Introduction Dr. Wolfgang Koch 2.

Linux Device Drivers Linux Device Drivers Kernel 2.6 1. Introduction Dr. Wolfgang Koch 2. Kernel Modules Friedrich Schiller University Jena 3. Char Drivers Department of Mathematics and 4. Advanced Char Drivers Computer Science 5.

531 views • 12 slides
Linux Device Drivers Linux Device Drivers Dr. Wolfgang Koch 1. Introduction Friedrich Schiller

Linux Device Drivers Linux Device Drivers Dr. Wolfgang Koch 1. Introduction Friedrich Schiller

Linux Device Drivers Linux Device Drivers Dr. Wolfgang Koch 1. Introduction Friedrich Schiller University Jena 2. Kernel Modules Department of Mathematics and 3. Char Drivers Computer Science 4. Advanced Char Drivers Jena, Germany 5.

529 views • 17 slides
Understanding Modern Device Drivers Why study device drivers? Linux drivers constitute ~5

Understanding Modern Device Drivers Why study device drivers? Linux drivers constitute ~5

3/6/12 Understanding Modern Device Drivers Why study device drivers? Linux drivers constitute ~5 million LOC and 70% of kernel Little exposure to this breadth of driver code from research Better understanding of drivers can lead to

484 views • 14 slides
Linux Wireless Drivers Freedom considered harmful? Felix Fietkau <nbd@openwrt.org>

Linux Wireless Drivers Freedom considered harmful? Felix Fietkau <nbd@openwrt.org>

Linux Wireless Drivers Freedom considered harmful? Felix Fietkau <nbd@openwrt.org> 2015-12-30 Introduction OpenWrt developer for >10 years Involved with Linux wireless drivers almost as long Main focus: access points and

306 views • 27 slides
HW/SW Codesign w/ FPGAs Microprogramming ECE 495/595 Introduction (Linux Device Drivers, 3rd

HW/SW Codesign w/ FPGAs Microprogramming ECE 495/595 Introduction (Linux Device Drivers, 3rd

HW/SW Codesign w/ FPGAs Microprogramming ECE 495/595 Introduction (Linux Device Drivers, 3rd Edition (www.makelinux.net/ldd3)) Device Drivers -> DD They are a well defined programming interface between the applications and the actual

486 views • 24 slides
Increasing Automation in the Backporting of Linux Drivers Using Coccinelle Luis R. Rodriguez,

Increasing Automation in the Backporting of Linux Drivers Using Coccinelle Luis R. Rodriguez,

Increasing Automation in the Backporting of Linux Drivers Using Coccinelle Luis R. Rodriguez, (SUSE Labs) Julia Lawall (Inria/LIP6/UPMC/Sorbonne University-Whisper) January, 2015 (Unpublished work) What is backporting? port Linux v3.18

682 views • 40 slides
Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry

Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry

Undermining the Linux Kernel: Malicious Code Injec:on via /dev/mem Anthony Lineberry anthony.lineberry@gmail.com Black Hat Europe 2009 Overview What is a rootkit? Why is protec:on difficult? Current protec:on mechanisms/bypasses

638 views • 52 slides
The Year of the Linux Video Codec Drivers Embedded Linux Conference 2017 Portland Laurent

The Year of the Linux Video Codec Drivers Embedded Linux Conference 2017 Portland Laurent

The Year of the Linux Video Codec Drivers Embedded Linux Conference 2017 Portland Laurent Pinchart laurent.pinchart@ideasonboard.com I have given many talks in conferences around the world. This one is special. During breakfast this morning I

503 views • 48 slides
Reducing Latency in Linux Wireless Network Drivers Tim Shepard shep@alum.mit.edu netdev 1.1

Reducing Latency in Linux Wireless Network Drivers Tim Shepard shep@alum.mit.edu netdev 1.1

Proceedings of NetDev 1.1: The Technical Conference on Linux Networking (February 10th-12th 2016. Seville, Spain) Reducing Latency in Linux Wireless Network Drivers Tim Shepard shep@alum.mit.edu netdev 1.1 Sevilla, Espa na 10-12

520 views • 18 slides
Embedded Systems Programming Linux GPIO & I2C Drivers (Module 13) Yann-Hang Lee Arizona

Embedded Systems Programming Linux GPIO & I2C Drivers (Module 13) Yann-Hang Lee Arizona

Embedded Systems Programming Linux GPIO & I2C Drivers (Module 13) Yann-Hang Lee Arizona State University yhlee@asu.edu (480) 727-7507 Summer 2014 Real-time Systems Lab, Computer Science and Engineering, ASU Linux GPIO Driver A GPIO

115 views • 7 slides
Embedded Linux Device Drivers Aleksandar Peji Andrija Pri Balkan Computer Congress 2014

Embedded Linux Device Drivers Aleksandar Peji Andrija Pri Balkan Computer Congress 2014

Embedded Linux Device Drivers Aleksandar Peji Andrija Pri Balkan Computer Congress 2014 September 7 th , Novi Sad, Serbia Agenda About Embedded Systems Hardware Specifics of Embedded Systems Embedded Linux Linux Device

244 views • 11 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 23 March 2006 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

707 views • 69 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

1.16k views • 94 slides
How to avoid writing device drivers for embedded Linux Chris Simmonds 2net Limited Winchester,

How to avoid writing device drivers for embedded Linux Chris Simmonds 2net Limited Winchester,

How to avoid writing device drivers for embedded Linux Chris Simmonds 2net Limited Winchester, UK chris@2net.co.uk Abstract Modern Linux kernels provide interfaces that use of the basic I/O functions that the driver provides. Writing

412 views • 4 slides
Agenda Programming Model Linux x86 Architecture and respective adaption Memory

Agenda Programming Model Linux x86 Architecture and respective adaption Memory

Agenda Programming Model Linux x86 Architecture and respective adaption Memory Exceptions / Interrupts Multiprocessing 1 References Understanding the Linux Kernel, Bovet and Cesati Linux Device Drivers, Rubini

812 views • 49 slides
Exploring Linux Kernel Source Code with Eclipse and QTCreator Marcin Bis 2016.10.12 ELCE 2016,

Exploring Linux Kernel Source Code with Eclipse and QTCreator Marcin Bis 2016.10.12 ELCE 2016,

Exploring Linux Kernel Source Code with Eclipse and QTCreator Marcin Bis 2016.10.12 ELCE 2016, Berlin Marcin Bis marcin@bis-linux.com +48 607 075 848 Training ( http://bis-linux.com ): Embedded Linux Yocto Linux Device Drivers Development

770 views • 50 slides
Assembly Programming on Linux Assembly Programming on Linux Necessity OS Kernel Development

Assembly Programming on Linux Assembly Programming on Linux Necessity OS Kernel Development

Assembly Programming on Linux Assembly Programming on Linux Necessity OS Kernel Development 80x86 Sparc Alpha Some device drivers SCSI Controller Video Card Network Card Others that has ROM on board .. Compiler/Interpreter/Cross

282 views • 11 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support.

Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support.

Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http://free-electrons.com 1/47 Thomas Petazzoni CTO and Embedded Linux engineer at Free Electrons Embedded Linux development : kernel and

1.09k views • 47 slides
Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support.

Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support.

Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http://free-electrons.com 1/45 Thomas Petazzoni CTO and Embedded Linux engineer at Free Electrons Embedded Linux development : kernel and

774 views • 45 slides
Linux and real-time Thomas Petazzoni Free Electrons 1 Free Electrons . Kernel, drivers and

Linux and real-time Thomas Petazzoni Free Electrons 1 Free Electrons . Kernel, drivers and

Linux and real-time Thomas Petazzoni Free Electrons 1 Free Electrons . Kernel, drivers and embedded Linux development, consulting, training and support. http://free-electrons.com Who am I ? Thomas Petazzoni Work for Free Electrons , an

1.04k views • 73 slides
The DRM/KMS subsystem from a newbies point of view Free Electrons. Kernel, drivers and

The DRM/KMS subsystem from a newbies point of view Free Electrons. Kernel, drivers and

The DRM/KMS subsystem from a newbies point of view Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http://free-electrons.com 1/49 Boris Brezillon Embedded Linux engineer and trainer at

759 views • 49 slides
Prex: Finding Guidance for Forward and Backward Porting of Linux Device Drivers Julia Lawall,

Prex: Finding Guidance for Forward and Backward Porting of Linux Device Drivers Julia Lawall,

Prex: Finding Guidance for Forward and Backward Porting of Linux Device Drivers Julia Lawall, Derek Palinski, Lukas Gnirke, Gilles Muller (Inria/LIP6) January 12, 2017 (Unpublished work) 1 The porting problem driver 4.4 2 The porting

707 views • 56 slides

More recommend