Towards Generic Address Sanitization for Kernel Space
Supervisor(s): | Manuel Andreas |
Status: | finished |
Topic: | Others |
Author: | Fabian Specht |
Submission: | 2025-03-04 |
Type of Thesis: | Bachelor's Thesis |
Description: | Today, most of our infrastructure relies on computers, making their reliability and security critical for our society. Bugs in software may cost enterprises vast amounts of money or threaten individuals' privacy. One of the biggest sources of bugs is memory handling, for example buffer overflows, which in some cases even lead to arbitrary code execution by an attacker. Many solutions exist for such attacks: memory-safe languages, compiler insertions like stack canaries, or runtime-based solutions. In 2012, Google introduced the Address Sanitizer algorithm, a method designed to detect incorrect memory accesses at runtime by keeping track of allocated memory in a separate data structure called shadow memory. It was first introduced for userspace programs, but as the method gained popularity, even Linux started supporting it, detecting thousands of bugs in the kernel. However, other kernelspace projects have mostly been left out, since implementing the concept is fairly complex. In this thesis, we explore how far the implementation of the concept can be designed generically, such that applying it to new kernelspace projects takes less effort. To find out which parts of the concept can be generalized, we start off by implementing the approach in the popular hypervisor Xen. We propose several solutions to design a generic framework and demonstrate one of them successfully in a prototype for Xen. |