An analysis on the impact and detection of kernel stack infoleaks

Abstract

[EN] The Linux kernel has become a fundamental component of mainstream computing solutions, now being used in a wide range of applications ranging from consumer electronics to cloud and server solutions. Being expected to continue its growth, especially in the mission-critical workloads. Parallel to the Linux adoption has increased its misuse by attackers and malicious users. This has increased attention paid to kernel security through the deployment of kernel protection mechanisms. Kernel-based attacks require reliability, where kernel attack reliability is achieved through the information gathering stage, where the attacker is able to gather enough information about the target to succeed. The taxonomy of kernel vulnerabilities includes information leaks (CWE-200), that are a class of vulnerabilities that permit access to the kernel memory layout and contents. Information leaks can improve the attack reliability enabling the attacker to read sensitive kernel data to bypass kernel based protections. In this work, we aim at the analysis and detection of stack-based information leaks to harden the security of the kernel. First, we analyse the problem of kernel infoleaks in Section 3, next, we examine the impact of infoleaks attacks on the security of the kernel in Section 4. Then, we present a technique for detecting kernel based infoleaks through static analysis Section 5. Next, we evaluate our technique by applying it to the Linux kernel in Section 6. Finally, we discuss the applications and limitations of our work (Section 6.3) and finally we draw our concluding remarks.