Mitigating Temporal Memory Safety Errors in the Linux Kernel
Public DepositedDownloadable Content
open in viewerTemporal memory safety vulnerabilities can allow attackers to escalate privileges on Linux based devices. This paper presents two solutions to temporal safety vulnerabilities. First, we present the Bounce Allocator: A pool-based memory allocator designed to mitigate temporal memory safety errors on ARMv8.5-A based Linux devices. Other solutions do not effectively mitigate temporal memory safety errors or have large memory and performance overheads that makes them unsuitable for production environments. The Bounce Allocator achieves entropy comparable with other solutions while using significantly less memory and having improved runtime performance. The Bounce Allocator is implemented on top of an existing allocator to help preserve kmalloc caching performance. This paper also presents Tag Exclusion Sets: A simple solution that deterministically prevents a subset of temporal memory safety attacks in the Linux kernel. This solution has little runtime overhead and no memory overhead and requires little change to the memory allocator.
- Creator
- Contributors
- Degree
- Unit
- Publisher
- Identifier
- etd-104781
- Keyword
- Advisor
- Orcid
- Defense date
- Year
- 2023
- Date created
- 2023-04-25
- Resource type
- Source
- etd-104781
- Rights statement
- License
- Last modified
- 2023-11-06
Relations
- In Collection:
Items
Permanent link to this page: https://digital.wpi.edu/show/sx61dq722