Case Study: Securing Embedded Linux Using CHERI

Hesham Almatary
{"title":"Case Study: Securing Embedded Linux Using CHERI","authors":"Hesham Almatary","doi":"arxiv-2310.00933","DOIUrl":null,"url":null,"abstract":"The current embedded Linux variant lacks security as it does not have or use\nMMU support. It does not also use MPUs as they do not fit with its software\nmodel because of the design drawbacks of MPUs (i.e., coarse-grained protection\nwith fixed number of protected regions). We secure the existing embedded Linux\nversion of the RISC-V port using CHERI. CHERI is hardware-software\ncapability-based system that leverages the ISA, toolchain, programming\nlanaguages, operating systems, and applications in order to provide complete\npointer and memory safety. We believe that CHERI could provide significant\nsecurity guarantees for high-end dynamic embedded systems at lower costs,\ncompared to MMUs and MPUs, by: 1) building the entire software stack in\npure-capability CHERI C mode which provides complete spatial memory safety at\nthe kernel and user-level, 2) isolating user programs as separate ELFs, each\nwith its own CHERI-based capability table; this provides spatial memory safety\nsimilar to what the MMU offers (i.e., user programs cannot access each other's\nmemory), 3) isolating user programs from the kernel as the kernel has its own\ncapability table from the users and vice versa, and 4) compartmentalising\nkernel modules using CompartOS' linkage-based compartmentalisation. This offers\na new security front that is not possible using the current MMU-based Linux,\nwhere vulnerable/malicious kernel modules (e.g., device drivers) executing in\nthe kernel space would not compromise or take down the entire system. These are\nthe four main contributions of this paper, presenting novel CHERI-based\nmechanisms to secure embedded Linux.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"25 2","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Operating Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2310.00933","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

The current embedded Linux variant lacks security as it does not have or use MMU support. It does not also use MPUs as they do not fit with its software model because of the design drawbacks of MPUs (i.e., coarse-grained protection with fixed number of protected regions). We secure the existing embedded Linux version of the RISC-V port using CHERI. CHERI is hardware-software capability-based system that leverages the ISA, toolchain, programming lanaguages, operating systems, and applications in order to provide complete pointer and memory safety. We believe that CHERI could provide significant security guarantees for high-end dynamic embedded systems at lower costs, compared to MMUs and MPUs, by: 1) building the entire software stack in pure-capability CHERI C mode which provides complete spatial memory safety at the kernel and user-level, 2) isolating user programs as separate ELFs, each with its own CHERI-based capability table; this provides spatial memory safety similar to what the MMU offers (i.e., user programs cannot access each other's memory), 3) isolating user programs from the kernel as the kernel has its own capability table from the users and vice versa, and 4) compartmentalising kernel modules using CompartOS' linkage-based compartmentalisation. This offers a new security front that is not possible using the current MMU-based Linux, where vulnerable/malicious kernel modules (e.g., device drivers) executing in the kernel space would not compromise or take down the entire system. These are the four main contributions of this paper, presenting novel CHERI-based mechanisms to secure embedded Linux.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
案例研究:使用CHERI保护嵌入式Linux
当前的嵌入式Linux变体缺乏安全性,因为它不支持或不使用emmu支持。它也不使用微处理器,因为它们不适合它的软件模型,因为微处理器的设计缺陷(即,具有固定数量的受保护区域的粗粒度保护)。我们使用CHERI保护现有的嵌入式linux版本的RISC-V端口。CHERI是一种基于硬件和软件可重用性的系统,它利用ISA、工具链、编程语言、操作系统和应用程序来提供完整的指针和内存安全性。我们相信,与mmu和mpu相比,CHERI可以以更低的成本为高端动态嵌入式系统提供重要的安全保障,通过:1)构建整个软件堆栈的全功能CHERI C模式,在内核和用户级提供完整的空间存储安全;2)将用户程序隔离为独立的elf,每个elf都有自己的基于CHERI的能力表;这提供了类似于MMU提供的空间内存安全性(即,用户程序不能访问彼此的内存),3)将用户程序从内核中隔离出来,因为内核从用户中有自己的能力表,反之亦然,4)使用CompartOS的基于链接的划分将内核模块划分。这提供了使用当前基于mmu的Linux无法实现的新的安全前线,在内核空间中执行的易受攻击/恶意内核模块(例如,设备驱动程序)不会危及或摧毁整个系统。这是本文的四个主要贡献,提出了新的基于cheri的机制来保护嵌入式Linux。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Analysis of Synchronization Mechanisms in Operating Systems Skip TLB flushes for reused pages within mmap's eBPF-mm: Userspace-guided memory management in Linux with eBPF BULKHEAD: Secure, Scalable, and Efficient Kernel Compartmentalization with PKS Rethinking Programmed I/O for Fast Devices, Cheap Cores, and Coherent Interconnects
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1