The HitchHiker's Guide to High-Assurance System Observability Protection with Efficient Permission Switches

Chuqi Zhang, Jun Zeng, Yiming Zhang, Adil Ahmad, Fengwei Zhang, Hai Jin, Zhenkai Liang
arXiv:2409.04484 (https://doi.org/arxiv-2409.04484) · arXiv - CS - Operating Systems · Published 2024-09-06
Citations: 0

Abstract

Protecting system observability records (logs) from compromised OSs has gained significant traction in recent times, with several noteworthy approaches proposed. Unfortunately, none of the proposed approaches achieves high performance with tiny log protection delays. They also rely on risky environments for protection (e.g., many use general-purpose hypervisors or TrustZone, which have large TCBs and attack surfaces). HitchHiker is an attempt to rectify this problem. The system is designed to ensure (a) in-memory protection of batched logs within a short and configurable real-time deadline through efficient hardware permission switching, and (b) an end-to-end high-assurance environment built upon hardware protection primitives, with debloating strategies for secure log protection, persistence, and management. Security evaluations and validations show that HitchHiker reduces log protection delay by 93.3–99.3% compared to the state of the art, while reducing the TCB by 9.4–26.9×. Performance evaluations show that HitchHiker incurs a geometric mean overhead of less than 6% on diverse real-world programs, improving on the state-of-the-art approach by 61.9–77.5%.