Linux Security Summit Europe 2024

Device drivers are relatively low-quality yet take 70% of the kernel codebase. Thus, attackers can exploit vulnerabilities in them. While compartmentalizing vulnerable drivers can enhance security, existing methods are limited, preventing them from being widely deployed: rebooting the system is necessary which inevitably interrupts services. Syzkaller’s data indicates that avg. 7.62 unique kernel panics are reported per day. It means the machine would need multiple reboots in one day to enforce compartmentalization, which is unacceptable. In this talk, we will explore the potential of on-the-fly enforcement, the main challenge of which lies in handling transition hazards - pre-existing objects are untracked and can be misused. We will demo this attack by exploiting CVE-2022-0995, followed by O2C which aims to mitigate transition hazards. O2C has two key technical innovations: 1. software-based compartmentalization using eBPF. 2. embedding an ML model into the kernel, which lacks floating point support. O2C shows negligible overhead and excellent scalability. Detailed measurement results will be presented in the talk and the code is available at https://github.com/a8stract-lab/o2c.

Additional contributors - Tiejin Chen & Hua Wei, Arizona State University and Zicheng Wang, Nanjing University