A Hardware Platform for Ensuring OS Kernel Integrity on RISC-V

Donghyun Kwon,Dongil Hwang,Yunheung Paek

doi:10.3390/electronics10172068

Donghyun Kwon, Dongil Hwang + Show 1 more

Open Access

https://doi.org/10.3390/electronics10172068

Copy DOI

Journal: Electronics	Publication Date: Aug 26, 2021
Citations: 1	License type: CC BY 4.0

Affiliation: Seoul National University, Pusan National University

Abstract

The OS kernel is typically preassumed as a trusted computing base in most computing systems. However, it also implies that once an attacker takes control of the OS kernel, the attacker can seize the entire system. Because of such security importance of the OS kernel, many works have proposed security solutions for the OS kernel using an external hardware module located outside the processor. By doing this, these works can realize the physical isolation of security solutions from the OS kernel running in the processor, but they cannot access the inner state of the processor, which attackers can manipulate. Thus, they elaborated several methods to overcome such limited capability of external hardware. However, those methods usually come with several side effects, such as high-performance overhead, kernel code modifications, and/or excessively complicated hardware designs. In this paper, we introduce RiskiM, a new hardware-based monitoring platform to ensure kernel integrity from outside the host system. To deliver the inner state of the host to RiskiM, we have devised a hardware interface architecture, called PEMI. Through PEMI, RiskiM is supplied with all internal states of the host system essential for fulfilling its monitoring task to protect the kernel. To empirically validate our monitoring platform’s security strength and performance, we have fully implemented PEMI and RiskiM on a RISC-V based processor and FPGA, respectively. Our experiments show that RiskiM succeeds in the host kernel protection by detecting even the advanced attacks which could circumvent previous solutions, yet suffering from virtually no aforementioned side effects.

Highlights

Operating system (OS) kernels typically take the role of the trusted computing base (TCB) in a system
If the data address is within the kernel immutable regions such as kernel code and read-only data, we identified it as an attack
This paper proposes RISC-V Kernel Integrity Monitor (RiskiM), a new external hardware-based kernel integrity monitor

Summary

Introduction

Operating system (OS) kernels typically take the role of the trusted computing base (TCB) in a system. RISC-V has memory load and store instructions to transfer a value between the registers and memory. JAL uses two operands: immediate offset and destination register. When JAL is executed, the offset is added to the address of the JAL instruction to obtain the target address. For indirect call operation that the target address is varied according to the value in a register, the jump and link register (JALR) instruction is used. JALR uses three operands: immediate offset, base register, and destination register. The target address is calculated by adding the address in base register and immediate offset. Like JAL, x1 register is used for destination register to hold return address in JALR. Unlike the indirect call operation, x0 register is used for the destination register because there is no need to hold the return address after executing the JALR instruction

Methods

Results

Conclusion