Linux Kernel Security Card
Linux kernel security is a very complex subject area. It includes a large number of complexly interrelated concepts, and it would be useful to have its graphical representation. Therefore, I developed a Linux kernel security map . Here is a legend:
So, the map contains the following objects:
In turn, core protection technologies are heterogeneous. Some are part of the vanilla Linux kernel, others are supplied separately for various reasons (for example, there are commercial security tools). There are kernel security mechanisms that require hardware support.
')
Thus, the topic of Linux kernel security is quite extensive, and the developed map helps in its study and analysis. Each line connecting objects on the map denotes their mutual influence, the essence of which should be clarified in the documentation. This principle can be illustrated on a fragment of a common map. Diagram 1 shows the security properties of the STACKLEAK technology.
Scheme 1. Properties of safety technology STACKLEAK
PAX_MEMORY_STACKLEAK is a commercial Linux kernel security technology that counteracts the exploitation of the following types of vulnerabilities: stack depth overflow, use of uninitialized variables, and information leakage into user space. The map contains identifiers of these classes of vulnerabilities (CWE, Common Weakness Enumeration).
The STACKLEAK technology was introduced into the vanilla Linux kernel, which is reflected in the diagram. There is also a KMSAN debugging mechanism that allows detecting the use of uninitialized variables and the leakage of information into user space when testing the kernel.
It should be noted that this card does not affect the issue of reducing the perimeter of the attack for the core. In essence, disabling almost any functionality that reduces the size of the executable file reduces the attack perimeter. And in this project, the focus is on security tools that provide self-defense of the Linux kernel against exploitation of vulnerabilities.
Diagram 2 shows the complete map for the kernel version 5.1 (on click, the image will open in full size).
Scheme 2. Linux v5.1 Kernel Protection Card
The map is constantly evolving, it needs to be updated at least every release of the kernel. Therefore, it is convenient to have the source in text form and maintain it in the version control system. In addition, in order not to have to manually arrange objects with a minimum number of intersections of links, the DOT language was chosen to create a map, and the scheme is automatically generated by the GraphViz package using the following command:
The Linux kernel security card is an open source project licensed under GPL v3.0. The repository is located on GitHub . This project is extremely useful for:
In addition, the Linux kernel security card is designed to help explore source code, documentation, and other sources of information on this topic:
And to automate the checking of security options in the Linux kernel configuration file, I created the kconfig-hardened-check project, which is being actively developed thanks to open collaboration. The utility supports x86_64, arm64, x86_32 and arm.
I invite you to participate in the development of the Linux kernel security card and the kconfig-hardened-check utility.
So, the map contains the following objects:
- vulnerability classes;
- techniques of their operation to conduct attacks;
- error detection mechanisms;
- protection technology.
In turn, core protection technologies are heterogeneous. Some are part of the vanilla Linux kernel, others are supplied separately for various reasons (for example, there are commercial security tools). There are kernel security mechanisms that require hardware support.
')
Thus, the topic of Linux kernel security is quite extensive, and the developed map helps in its study and analysis. Each line connecting objects on the map denotes their mutual influence, the essence of which should be clarified in the documentation. This principle can be illustrated on a fragment of a common map. Diagram 1 shows the security properties of the STACKLEAK technology.
Scheme 1. Properties of safety technology STACKLEAK
PAX_MEMORY_STACKLEAK is a commercial Linux kernel security technology that counteracts the exploitation of the following types of vulnerabilities: stack depth overflow, use of uninitialized variables, and information leakage into user space. The map contains identifiers of these classes of vulnerabilities (CWE, Common Weakness Enumeration).
The STACKLEAK technology was introduced into the vanilla Linux kernel, which is reflected in the diagram. There is also a KMSAN debugging mechanism that allows detecting the use of uninitialized variables and the leakage of information into user space when testing the kernel.
It should be noted that this card does not affect the issue of reducing the perimeter of the attack for the core. In essence, disabling almost any functionality that reduces the size of the executable file reduces the attack perimeter. And in this project, the focus is on security tools that provide self-defense of the Linux kernel against exploitation of vulnerabilities.
Diagram 2 shows the complete map for the kernel version 5.1 (on click, the image will open in full size).
Scheme 2. Linux v5.1 Kernel Protection Card
The map is constantly evolving, it needs to be updated at least every release of the kernel. Therefore, it is convenient to have the source in text form and maintain it in the version control system. In addition, in order not to have to manually arrange objects with a minimum number of intersections of links, the DOT language was chosen to create a map, and the scheme is automatically generated by the GraphViz package using the following command:
dot -Tsvg linux-kernel-defence-map.dot -o linux-kernel-defence-map.svg The Linux kernel security card is an open source project licensed under GPL v3.0. The repository is located on GitHub . This project is extremely useful for:
- tracking the current state of kernel security,
- developing IP threat models based on GNU / Linux,
- selection of appropriate protective equipment.
In addition, the Linux kernel security card is designed to help explore source code, documentation, and other sources of information on this topic:
- Security properties grsecurity
- Security documentation in the Linux kernel source
- Documentation Kernel Self Protection Project
- The current status of the transfer function grsecurity in the Android Open Source Project
- Overview of trends in OS security from Microsoft Research Center (MSRC)
- Linux Kernel Runtime Guard Threat Model (LKRG)
And to automate the checking of security options in the Linux kernel configuration file, I created the kconfig-hardened-check project, which is being actively developed thanks to open collaboration. The utility supports x86_64, arm64, x86_32 and arm.
I invite you to participate in the development of the Linux kernel security card and the kconfig-hardened-check utility.
Source: https://habr.com/ru/post/457460/
All Articles