Hart: Hardware-assisted kernel module tracing on arm

Yunlan Du, Zhenyu Ning, Jun Xu, Zhilong Wang, Yueh Hsun Lin, Fengwei Zhang*, Xinyu Xing, Bing Mao

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Scopus citations

Abstract

While the usage of kernel modules has become more prevalent from mobile to IoT devices, it poses an increased threat to computer systems since the modules enjoy high privileges as the main kernel but lack the matching robustness and security. In this work, we propose HART, a modular and dynamic tracing framework enabled by the Embedded Trace Macrocell (ETM) debugging feature in Arm processors. Powered by even the minimum supports of ETM, HART can trace binary-only modules without any modification to the main kernel efficiently, and plug and play on any module at any time. Besides, HART provides convenient interfaces for users to further build tracing-based security solutions, such as the modular AddressSanitizer HASAN we demonstrated. Our evaluation shows that HART and HASAN incur the average overhead of 5% and 6% on 6 widely-used benchmarks, and HASAN detects all vulnerabilities in various types, proving their efficiency and effectiveness.

Original languageEnglish (US)
Title of host publicationComputer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings
EditorsLiqun Chen, Steve Schneider, Ninghui Li, Kaitai Liang
PublisherSpringer Science and Business Media Deutschland GmbH
Pages316-337
Number of pages22
ISBN (Print)9783030589509
DOIs
StatePublished - 2020
Event25th European Symposium on Research in Computer Security, ESORICS 2020 - Guildford, United Kingdom
Duration: Sep 14 2020Sep 18 2020

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12308 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference25th European Symposium on Research in Computer Security, ESORICS 2020
Country/TerritoryUnited Kingdom
CityGuildford
Period9/14/209/18/20

Funding

Acknowledgements. We sincerely thank our shepherd Prof. Dave Jing Tian and reviewers for their comments and feedback. This work was supported in part by grants from the Chinese National Natural Science Foundation (NSFC 61272078, NSFC 61073027).

Keywords

  • Arm
  • Dynamic tracing
  • ETM
  • Kernel module

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Hart: Hardware-assisted kernel module tracing on arm'. Together they form a unique fingerprint.

Cite this