# Fast Intra-kernel Isolation and Security with IskiOS

**Authors:** Spyridoula Gravani, Mohammad Hedayati, John Criswell, and Michael L. Scott

arXiv: 1903.04654 · 2021-08-04

## TL;DR

IskiOS repurposes Intel's Protection Keys for Userspace (PKU) for use inside the kernel, enabling efficient intra-kernel isolation and defenses such as execute-only memory and shadow stacks on existing Intel hardware, with low overhead.

## Contribution

The paper presents Protection Keys for Kernelspace (PKK), an approach that adapts PKU for kernel use, and IskiOS, a Linux variant that builds execute-only memory (XOM) and shadow stacks on top of it.

## Key findings

- PKK incurs a geometric mean overhead of about 11% on the LMBench kernel microbenchmarks.
- XOM adds no additional overhead on top of PKK.
- Shadow stacks bring the total LMBench overhead to 22%.

## Abstract

The kernels of operating systems such as Windows, Linux, and MacOS are vulnerable to control-flow hijacking. Defenses exist, but many require efficient intra-address-space isolation. Execute-only memory, for example, requires read protection on code segments, and shadow stacks require protection from buffer overwrites. Intel's Protection Keys for Userspace (PKU) could, in principle, provide the intra-kernel isolation needed by such defenses, but, when used as designed, it applies only to user-mode application code. This paper presents an unconventional approach to memory protection, allowing PKU to be used within the operating system kernel on existing Intel hardware, replacing the traditional user/supervisor isolation mechanism and, simultaneously, enabling efficient intra-kernel isolation. We call the resulting mechanism Protection Keys for Kernelspace (PKK). To demonstrate its utility and efficiency, we present a system we call IskiOS: a Linux variant featuring execute-only memory (XOM) and the first-ever race-free shadow stacks for x86-64. Experiments with the LMBench kernel microbenchmarks display a geometric mean overhead of about 11% for PKK and no additional overhead for XOM. IskiOS's shadow stacks bring the total to 22%. For full applications, experiments with the system benchmarks of the Phoronix test suite display negligible overhead for PKK and XOM, and less than 5% geometric mean overhead for shadow stacks.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1903.04654/full.md

## Figures

14 figures with captions in the complete paper: https://tomesphere.com/paper/1903.04654/full.md

## References

92 references — full list in the complete paper: https://tomesphere.com/paper/1903.04654/full.md

---
Source: https://tomesphere.com/paper/1903.04654