Prevention of Kernel Memory Corruption Using Kernel Page Restriction Mechanism

An adversary's user process can compromise the security of operating system (OS) kernel, and subsequent invocation vulnerable kernel code cause memory corruption. The could overwrite data containing privilege information processes or related to features (i.e., mandatory access control). As a means protection, OS researchers have proposed multiple address space approach that partitions protect from corruption (e.g., process-local call isolation). However, in previous approach, targeted for attack still reside same memory. Consequently, adversaries simply focus on calling latest code, which relies starting points process. With aim preventing such subversion attacks, this paper proposes page restriction mechanism (KPRM), employs an alternative design method obviate objective KPRM is prohibit execution prevent writing ensures unmapping exploitation due vulnerability. Therefore, obstructed executing overwriting running kernel. Evaluation results indicate actual proof-of-concept attacks resulting successfully be prevented by KPRM. Moreover, implementations maximum latency calls 0.703µs, while overhead 100,000 Hypertext Transfer Protocol (HTTP) downloads via web client program ranged 1.188% 4.093% overhead. In addition, achieved acceptable overheads 2.459% 2.193% compile time.