학위논문 (박사)-- 서울대학교 대학원 : 공과대학 전기·컴퓨터공학부, 2018. 2. 백윤흥.To protect the system from software attacks, various security approaches, such as formal verification and memory safety, have been proposed by researchers. However, many of the security approaches have not been practical to apply to real-world systems because they involve too strict restrictions or incurs significant performance overhead. In this situation, security researchers have proposed isolation approaches that dramatically reduce the attack surface by isolating security-critical parts of software from the others. The isolation approaches have been adopted in many security studies to increase the security level of software with minimal overhead. However, the security studies based on the isolation approaches have been carried out focusing on the systems, such as desktop PCs and servers. Unfortunately, in the mobile devices, the most widely used systems these days, only a few related studies have been conducted, so in these devices, the isolation approaches have evolved less in terms of security, coverage, and efficiency.
In this thesis, therefore, I will perform a series of research to enhance the isolation approaches, and ultimately to increase the security level of the mobile devices. I first will analyze the usage scenarios and environments of the mobile devices and confirm the required security capabilities and levels. Subsequently, I will carefully review the recent ARM architectures that are mainly used in the mobile devices and find some salient hardware features. After that, on top of these features, I will propose novel security solutions stemming from the isolation approaches. These solutions targeting from applications to different types of system software satisfy the required security capability and levels confirmed by the previous analysis. In this thesis, I will describe the details of design and implementation of these security solutions, around the isolation approaches based on the salient hardware features. Also, the efficiency and effectiveness of these solutions will be demonstrated through various experimental results.Abstract
Contents ii
List of Tables v
List of Figures vi
1 INTRODUCTION 1
2 Hardware-Assisted On-Demand Hypervisor Activation for Efficient Security
Critical Code Execution on Mobile Devices 7
2.1 Introduction
2.2 Background
2.2.1 Security extensions
2.2.2 Virtualization extensions
2.3 Threat model and Assumptions
2.4 Design
2.4.1 Design objectives
2.4.2 Overall Design
2.4.3 Development of SCCs
2.4.4 Provision of SCCs
2.4.5 Execution of SCCs
2.4.6 On-demand activation of the OSP hypervisor
2.4.7 Interface implementation
2.5 Implementation
2.5.1 OSP Hypervisor
2.5.2 Boot Sequence of OSP
2.6 Evaluation
2.6.1 Performance impact
2.6.2 World switching latency
2.6.3 Application benchmarks
2.6.4 Security analysis
2.7 Future work
2.8 Related work
2.9 Conclusion
3 Dynamic Virtual Address Range Adjustment
for Intra-Level Privilege Separation on ARM 37
3.1 Introduction
3.2 Threat Model and Related Work
3.2.1 Threat Model
3.2.2 Related Work
3.3 Background
3.3.1 Exception Level
3.3.2 Virtual Address Range
3.3.3 Translation Lookaside Buffer
3.4 Design
3.4.1 Overview of Hilps
3.4.2 Intra-Level Isolation Mechanism
3.4.3 Domain Switching Mechanism
3.4.4 Monitoring Capability
3.5 Implementation
3.6 Evaluation
3.6.1 Switching Overhead
3.6.2 Micro Benchmarks
3.6.3 Macro Benchmarks
3.6.4 Security Application Benchmark
3.7 Discussion
3.8 Conclusion
4 Instruction-Level Data Isolation for the Kernel on ARM 76
4.1 Introduction
4.2 Related Work
4.3 Background
4.4 Design and Implementation
4.4.1 Threat Model and Assumption
4.4.2 ILDI Mechanism
4.4.3 Enforcement of the ILDI mechanism
4.4.4 Security Analysis
4.5 Evaluation
4.5.1 Primitive Operation
4.5.2 Impact on the System
4.6 Conclusion
5 CONCLUSION
Abstract (In Korean)Docto
