One particularly difficult challenge in the computer security landscape is preventing privilege escalation. This type of attack happens when an actor is granted access to some piece of hardware with limited permissions but manages to circumvent the security policies meant to contain them. Although a simple bug in the operating system, or even in user libraries, can be sufficient to enable this type of attack, such a vulnerability is also relatively easy to fix. Privilege escalation mechanisms represent a more challenging security risk because they are methods by which generic vulnerabilities (such as a buffer overflow) can be leveraged to escalate privilege.
This thesis describes a collection of operating system hardening techniques designed to mitigate the risks of common privilege escalation mechanisms. This includes non-deterministic loading techniques to randomize code, leveraging the virtualization features of modern hardware to protect operating system code, and a novel operating system design paradigm. A proof-of-concept prototype was developed for each of these techniques using the Bear research microkernel. The code for all techniques described in this thesis is available at https://github.com/SCSLaboratory/BearOS.
Each of the techniques described in this thesis is evaluated in terms of the additional security it offers alongside the performance cost of the technique. The security analysis of each technique attempts to describe (and quantify where possible) the types of privilege escalation mechanisms that the technique interrupts. Meanwhile, macro- and micro-benchmarks that are compatible with the Bear microkernel illustrate the practicality of each of these techniques for deployment on real-world systems. Synthesizing four different security mechanisms that each address unique types of privilege escalation threats, the thesis provides a glimpse of a hardened operating system. Contrary to the standard practice of “patching” the status quo in response to each new threat, it attempts to visualize a next-generation operating system design that brings together the best features of non-determinism, virtualization, and hardware resource utilization in order to present a more secure computing system that can still meet the ever-increasing performance requirements of modern computing applications.
| Committee | Bratus, Sergey; Chapin, Steve; Cybenko, George |
| School Location | United States -- New Hampshire |
| Source | DAI-B 79/10(E), Dissertation Abstracts International |
| Keywords | Asymmetrical multiprocessing, Hypervisor, Operating systems, Privilege escalation, Security, Virtualization |
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved