Kernel Data Integrity Protection via Memory Access Control

msra(2009)

Abstract
Operating system kernels isolate applications from other malicious software via protected memory created by virtual memory management. Even though modern kernels aggregate core kernel code with driver and module components of different provenance, kernel memory remains unified and without isolation. Kernel-level malicious software has full access to the data and operations of all kernel components. In this paper, we create kernel memory protection. We design an access control policy and enforcement system that prevents kernel components with low trust from altering security-critical data used by the kernel to manage its own execution. Our policies are at the granularity of kernel variables and structure elements, and they can protect data dynamically allocated at runtime. Our hypervisor-based design uses memory page protection bits as part of its policy enforcement; the granularity difference between page-level protection and variable-level policies challenges the system's ability to remain performant. We develop kernel data-layout partitioning and reorganization to maintain kernel performance in the presence of our protections. We show that our system prevents illegitimate alteration of security-critical kernel data at a performance cost of 1-20%. By offering protection for critical kernel data, we guarantee that security utilities relying on the integrity of kernel-level state remain accurate.
Keywords
virtual memory,hypervisor,memory page,malicious software