DOI: 10.1145/3658644.3690246
Research article, Open access

Manipulative Interference Attacks

Published: 09 December 2024

Abstract

A μ-kernel is an operating system (OS) paradigm that facilitates a strong cybersecurity posture for embedded systems. Unlike a monolithic OS such as Linux, a μ-kernel reduces overall system privilege by deploying most OS functionality within isolated, userspace protection domains. Moreover, a μ-kernel ensures confidentiality and integrity between protection domains (i.e., spatial isolation), and offers timing predictability for real-time tasks in mixed-criticality systems (i.e., temporal isolation). One popular μ-kernel is seL4, which offers extensive formal guarantees of implementation correctness and flexible temporal budgeting mechanisms.
However, we show that an untrusted protection domain on a μ-kernel can abuse service requests to other protection domains in order to corrode system availability. We generalize this denial-of-service (DoS) attack strategy as Manipulative Interference Attacks (MIAs) and introduce techniques to efficiently identify instances of MIAs within a configured system. Specifically, we propose a novel hybrid approach that first leverages static analysis to identify software components with influenceable execution times, and second, uses an automatically generated model-based analysis to determine which compromised protection domains can manipulate the influenceable components and trigger MIAs. We investigate the risk of MIAs in several representative system examples including the seL4 Microkit, as well as a case study of seL4 software artifacts from the DARPA Cyber Assured Systems Engineering (CASE) program. In particular, we demonstrate that our analysis is efficient enough to discover practical instances of MIAs in real-world systems.


Published In

CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security
December 2024, 5188 pages
ISBN: 9798400706363
DOI: 10.1145/3658644
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher: Association for Computing Machinery, New York, NY, United States


Author Tags

  1. denial-of-service
  2. model checking
  3. static analysis
  4. systems

Conference: CCS '24
Overall Acceptance Rate: 1,261 of 6,999 submissions, 18%