DOPE: DOmain Protection Enforcement with PKS
Lukas Maar, Martin Schwarzl, Fabian Rauscher, Daniel Gruss, Stefan Mangard
Abstract
The number of Linux kernel vulnerabilities discovered has increased drastically over the past years. In the kernel, even simple memory safety vulnerabilities can have devastating consequences, e.g., compromising the entire system. Efforts to mitigate these vulnerabilities have so far focused mainly on control-flow hijacking attacks in the kernel. Yet, data-oriented attacks remain largely unmitigated in practice as existing mitigations are limited in providing robust security guarantees at reasonable performance overhead for multiple sensitive data objects.
Topics & Concepts
Computer scienceComputer securityKernel (algebra)Linux kernelOverhead (engineering)Simple (philosophy)Memory safetyControl flowEnforcementDomain (mathematical analysis)Memory protectionOperating systemMemory managementProgramming languageSoftwareVirtual memoryMathematical analysisCombinatoricsOverlayMathematicsPhilosophyPolitical scienceEpistemologyLawSecurity and Verification in ComputingAdvanced Malware Detection TechniquesCloud Data Security Solutions