MMU-based Access Control for Libraries

Marinos Tsantekidis, Vassilis Prevelakis

2021

Abstract

Code Reuse Attacks can trick the CPU into performing actions not originally intended by the running program. This is due to the fact that execution can move anywhere within a process's executable memory area, as well as to the absence of policy checks when a transfer is performed. In our effort to defend against this type of attack, in an earlier paper we present a Proof-of-Concept mitigation technique based on a modified Linux kernel, where each library - either dynamically or statically linked - constitutes a separate code region. The idea behind this technique is to compartmentalize memory in order to control access to the different memory segments through a gate. Taking our previous work one step further, in this paper we present an updated version of our kernel-side technique, where we implement security policies in order to identify suspicious behavior and take action accordingly.


Paper Citation


in Harvard Style

Tsantekidis M. and Prevelakis V. (2021). MMU-based Access Control for Libraries. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 686-691. DOI: 10.5220/0010536706860691


in Bibtex Style

@conference{secrypt21,
author={Marinos Tsantekidis and Vassilis Prevelakis},
title={MMU-based Access Control for Libraries},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2021},
pages={686-691},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010536706860691},
isbn={978-989-758-524-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - MMU-based Access Control for Libraries
SN - 978-989-758-524-1
AU - Tsantekidis M.
AU - Prevelakis V.
PY - 2021
SP - 686
EP - 691
DO - 10.5220/0010536706860691