Accession Number:
AD1100663
Title:
Improving Security at the System-Call Boundary in a Type-Safe Operating System
Descriptive Note:
Technical Report
Corporate Author:
MIT Lincoln Laboratory Lexington United States
Personal Author(s):
Report Date:
2019-02-01
Pagination or Media Count:
60.0
Abstract:
Historically, most approaches to operating systems security aim either to protect the kernel (e.g., the MMU) or to protect user applications (e.g., W^X). However, little study has been done into protecting the boundary between these layers. We describe a vulnerability in Tock, a type-safe operating system, at the system-call boundary. We then introduce a technique for providing memory safety at the boundary between userland and the kernel in Tock. We demonstrate that this technique prevents the aforementioned vulnerability and a class of similar vulnerabilities, and we propose how it might be used to protect against similar vulnerabilities in other operating systems.
Descriptors:
Subject Categories:
- Computer Systems