Hardware-assisted live kernel function updating on Intel platforms

Hardware-assisted live kernel function updating on Intel platforms

Traditional kernel updates such as perfective maintenance and vulnerability patching requires shutting the system down, disrupting continuous execution of applications. Enterprises and researchers have proposed various live updating techniques to patch the kernel with lower downtime to reduce the lo...

Full description

Saved in:
Bibliographic Details
Main Authors: ZHOU, Lei, ZHANG, Fengwei, LEACH, Kevin, DING, Xuhua, NING, Zhenyu, WANG, Guojun, XIAO, Jidong
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2024
Subjects:
Kernel function updating
system management mode
trusted execution environment
consistency
transparency
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/9876
https://ink.library.smu.edu.sg/context/sis_research/article/10876/viewcontent/Hardware_Assisted_Live_Kernel_Function_Updating_on_Intel_Platforms.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:Traditional kernel updates such as perfective maintenance and vulnerability patching requires shutting the system down, disrupting continuous execution of applications. Enterprises and researchers have proposed various live updating techniques to patch the kernel with lower downtime to reduce the loss of useful uptime. However, existing kernel live update techniques either rely on specific support from the target OS, or are deployed in virtualized environments (i.e., systems running in virtual machines). In this article we present KShot , a hardware-assisted live and secure kernel function update mechanism for native operating systems. By leveraging x86 SMM and Intel SGX, KShot runs in hardware-assisted Trusted Execution Environments and updates kernel functions at the binary-level without relying on the underlying OS support. We demonstrate the applicability of KShot by successfully patching critical kernel vulnerabilities, upgrading base kernel functions and drivers nearly instantly and transparently. Our experimental results show that KShot incurs merely 70 microseconds downtime to update a one kilobyte binary and 18 MB memory overhead.

Similar Items