Hardware-assisted live kernel function updating on Intel platforms
Traditional kernel updates such as perfective maintenance and vulnerability patching require shutting the system down, disrupting continuous execution of applications. Enterprises and researchers have proposed various live updating techniques to patch the kernel with lower downtime to reduce the lo...
Main Authors: | ZHOU, Lei; ZHANG, Fengwei; LEACH, Kevin; DING, Xuhua; NING, Zhenyu; WANG, Guojun; XIAO, Jidong |
---|---|
Format: | text |
Language: | English |
Published: | Institutional Knowledge at Singapore Management University, 2024 |
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/9876 https://ink.library.smu.edu.sg/context/sis_research/article/10876/viewcontent/Hardware_Assisted_Live_Kernel_Function_Updating_on_Intel_Platforms.pdf |
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-10876 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-10876 2025-01-02T09:15:10Z Hardware-assisted live kernel function updating on Intel platforms ZHOU, Lei ZHANG, Fengwei LEACH, Kevin DING, Xuhua NING, Zhenyu WANG, Guojun XIAO, Jidong Traditional kernel updates such as perfective maintenance and vulnerability patching require shutting the system down, disrupting continuous execution of applications. Enterprises and researchers have proposed various live updating techniques to patch the kernel with lower downtime to reduce the loss of useful uptime. However, existing kernel live update techniques either rely on specific support from the target OS, or are deployed in virtualized environments (i.e., systems running in virtual machines). In this article we present KShot, a hardware-assisted live and secure kernel function update mechanism for native operating systems. By leveraging x86 SMM and Intel SGX, KShot runs in hardware-assisted Trusted Execution Environments and updates kernel functions at the binary-level without relying on the underlying OS support. We demonstrate the applicability of KShot by successfully patching critical kernel vulnerabilities, upgrading base kernel functions and drivers nearly instantly and transparently. Our experimental results show that KShot incurs merely 70 microseconds downtime to update a one kilobyte binary and 18 MB memory overhead. 2024-01-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/9876 info:doi/10.1109/TDSC.2023.3300101 https://ink.library.smu.edu.sg/context/sis_research/article/10876/viewcontent/Hardware_Assisted_Live_Kernel_Function_Updating_on_Intel_Platforms.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Kernel function updating system management mode trusted execution environment consistency transparency Information Security |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Kernel function updating system management mode trusted execution environment consistency transparency Information Security |
description |
Traditional kernel updates such as perfective maintenance and vulnerability patching require shutting the system down, disrupting continuous execution of applications. Enterprises and researchers have proposed various live updating techniques to patch the kernel with lower downtime to reduce the loss of useful uptime. However, existing kernel live update techniques either rely on specific support from the target OS, or are deployed in virtualized environments (i.e., systems running in virtual machines). In this article we present KShot, a hardware-assisted live and secure kernel function update mechanism for native operating systems. By leveraging x86 SMM and Intel SGX, KShot runs in hardware-assisted Trusted Execution Environments and updates kernel functions at the binary-level without relying on the underlying OS support. We demonstrate the applicability of KShot by successfully patching critical kernel vulnerabilities, upgrading base kernel functions and drivers nearly instantly and transparently. Our experimental results show that KShot incurs merely 70 microseconds downtime to update a one kilobyte binary and 18 MB memory overhead. |
format |
text |
author |
ZHOU, Lei ZHANG, Fengwei LEACH, Kevin DING, Xuhua NING, Zhenyu WANG, Guojun XIAO, Jidong |
author_sort |
ZHOU, Lei |
title |
Hardware-assisted live kernel function updating on Intel platforms |
title_sort |
hardware-assisted live kernel function updating on intel platforms |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2024 |
url |
https://ink.library.smu.edu.sg/sis_research/9876 https://ink.library.smu.edu.sg/context/sis_research/article/10876/viewcontent/Hardware_Assisted_Live_Kernel_Function_Updating_on_Intel_Platforms.pdf |
_version_ |
1821237271024631808 |