DOI: 10.1145/3821570 ISSN: 1544-3566
KAGE: A Scalable and Efficient Kernel Protection Methods for Linux
Wenxin Zheng, Luyan Zhou, Jiacheng Shi, Jinyu Gu
Kernel extensibility, while offering flexibility and functionality, introduces significant security risks to the kernel, mainly due to the lack of memory safety. However, state-of-the-art approaches struggle to achieve both highly efficient address checks and comprehensive protection of the kernel memory space from inserted modules at runtime. A recent hardware feature, Memory Protection Keys (MPK), offers a new opportunity to achieve kernel memory isolation efficiently.
This paper proposes a lightweight memory protection mechanism, namely KAGE, by leveraging runtime memory information and emerging MPK. KAGE tracks the runtime permission switching between kernel and module memory to identify whether the target memory of an access is owned by the module, which helps prevent unauthorized memory access outside of the module memory. To mitigate the high overhead introduced by tracking the permission of all memory addresses, KAGE leverages MPK to monitor the switching of protection domains between modules and the kernel and to check the permission during access. KAGE further addresses three challenges of using MPK in the kernel: supporting variable-sized kernel objects with page-sized granularity MPK, providing control flow integrity in the kernel, and protecting MPK integrity.
Experimental results show that KAGE incurs a minimal overhead of up to 2% when isolating a 10GbE network driver and the ext4 file system.