Journal of Computer Science and Technology
Journal of Computer Science and Technology 2018, Vol. 33 Issue (3) :587-602    DOI: 10.1007/s11390-018-1842-3
Regular Paper
Untrusted Hardware Causes Double-fetch Problems in the I/O Memory
Kai Lu1,2,3, Member, CCF, Peng-Fei Wang1,*, Member, CCF, Gen Li1, Xu Zhou1, Member, CCF
1 College of Computer, National University of Defense Technology, Changsha 410073, China;
2 Science and Technology on Parallel and Distributed Processing Laboratory, National University of Defense Technology, Changsha 410073, China;
3 Collaborative Innovation Center of High-Performance Computing, National University of Defense Technology, Changsha 410073, China

Abstract: A double fetch occurs when data is maliciously changed between two kernel reads of supposedly the same data, which can cause serious security problems in the kernel. Previous research focused on double fetches between the kernel and user applications. In this paper, we present the first dedicated study of the double fetch problem between the kernel and peripheral devices (the hardware double fetch). Operating systems communicate with peripheral devices by reading from and writing to device-mapped I/O (input/output) memory. Because attached hardware is not effectively validated, a compromised device can change the value it returns between two reads of the same I/O memory address, causing a double fetch problem. We propose a static pattern-matching approach to identify hardware double fetches in the Linux kernel. The approach analyzes the entire kernel source, including drivers, without relying on the corresponding hardware. The results were categorized, and each category was analyzed through case studies to discuss its potential for causing bugs. We also found four double-fetch vulnerabilities, which have been confirmed and fixed by the maintainers as a result of our report.
Keywords: hardware double fetches; double-fetch bugs; I/O memory; peripheral devices; double-fetch vulnerabilities
Received 2017-07-01
Funding: The work is supported by the National Key Research and Development Program of China under Grant No. 2016YFB0200401.
Corresponding author: Peng-Fei Wang, Email: pfwang@nudt.edu.cn
About author: Kai Lu received his B.S. degree and Ph.D. degree in 1995 and 1999, respectively, both in computer science and technology, from the College of Computer, National University of Defense Technology, Changsha. He is now a professor in the College of Computer, National University of Defense Technology, Changsha. His research interests include operating systems, parallel computing, and security.
Cite this article: Kai Lu, Peng-Fei Wang, Gen Li, Xu Zhou. Untrusted Hardware Causes Double-fetch Problems in the I/O Memory[J]. Journal of Computer Science and Technology, 2018, 33(3): 587-602
Link to this article:
http://jcst.ict.ac.cn:8080/jcst/CN/10.1007/s11390-018-1842-3
Copyright 2010 by Journal of Computer Science and Technology