Accession Number:

AD1100663

Title:

Improving Security at the System-Call Boundary in a Type-Safe Operating System

Descriptive Note:

Technical Report

Corporate Author:

MIT Lincoln Laboratory Lexington United States

Personal Author(s):

• Weisblat,Jakob

Report Date:

2019-02-01

Pagination or Media Count:

60.0

Abstract:

Historically, most approaches to operating sytems security aim to either protect the kernel e.g., the MMU or protect user applications e.g., W o X. However, little study has been done into protecting the boundary between these layers. We describe a vulnerability in Tock, a type-safe operating system, at the system-call boundary. We then introduce a technique for providing memory safety at the boundary between userland and the kernel in Tock. We demonstrate that this technique works to prevent against the aforementioned vulnerability and a class of similar vulnerabilities, and we propose how it might be used to protect against similar vulnerabilities in other operating systems.

Descriptors:

• kernels (operating system)
• instruction set architecture
• complex systems
• random number generators
• computing system architectures
• programming languages
• cybersecurity

Subject Categories:

• Computer Systems

Distribution Statement:

APPROVED FOR PUBLIC RELEASE