TY - JOUR
AU - Chang, Rui
AB - Memory corruption vulnerabilities pose a significant threat to system security. The traditional paging-based approach cannot protect fine-grained runtime data (e.g., function pointers), which are often mixed with other data in memory. To protect the runtime data, data space randomization is proposed to encrypt the in-memory data so that the attacker cannot control the decrypted result. Unfortunately, current hardware does not provide dedicated support for fine-grained data encryption. This article presents RegVault II, a cross-architectural hardware-assisted lightweight data randomization scheme for OS kernels. To achieve robust, fine-grained, and lightweight data protection, we first identify five required capabilities for efficient and secure data randomization. Guided by these requirements, we design and implement novel hardware primitives that provide cryptographically strong encryption and decryption, thus ensuring both confidentiality and integrity for register-grained data. At the software level, we propose identification- and annotation-based approaches to automatically mark sensitive data and instrument the corresponding load and store operations. We also introduce new techniques to protect the interrupt context and safeguard the sensitive data spilling. We implement RegVault II on an actual FPGA hardware board for RISC-V and on QEMU for Arm, applying it to protect six types of sensitive data in the Linux kernel. Our thorough security and performance evaluations show that RegVault II effectively defends against a broad range of kernel data attacks while incurring minimal performance overhead.
TI - RegVault II: Achieving Hardware-Assisted Selective Kernel Data Randomization for Multiple Architectures
JF - ACM Transactions on Computer Systems (TOCS)
DO - 10.1145/3734521
DA - 2025-06-08
UR - https://www.deepdyve.com/lp/association-for-computing-machinery/regvault-ii-achieving-hardware-assisted-selective-kernel-data-byOMkpDqLH
SP - 1
EP - 34
VL - 43
IS - 1-2
DP - DeepDyve
ER -