Accession Number:

AD1100663

Title:

Improving Security at the System-Call Boundary in a Type-Safe Operating System

Descriptive Note:

Technical Report

Corporate Author:

MIT Lincoln Laboratory Lexington United States

Personal Author(s):

Report Date:

2019-02-01

Pagination or Media Count:

60.0

Abstract:

Historically, most approaches to operating systems security aim to either protect the kernel (e.g., via the MMU) or protect user applications (e.g., via W^X). However, little study has been done into protecting the boundary between these layers. We describe a vulnerability in Tock, a type-safe operating system, at the system-call boundary. We then introduce a technique for providing memory safety at the boundary between userland and the kernel in Tock. We demonstrate that this technique works to protect against the aforementioned vulnerability and a class of similar vulnerabilities, and we propose how it might be used to protect against similar vulnerabilities in other operating systems.

Subject Categories:

  • Computer Systems

Distribution Statement:

APPROVED FOR PUBLIC RELEASE