2022 Volume 30 Pages 796-806
New threats to operating systems include side-channel attacks (e.g., Meltdown and Foreshadow) that combine speculative execution of the central processing unit (CPU) with cache manipulation to infer kernel code and kernel data held in CPU caches. Mitigating these attacks requires kernel memory isolation mechanisms that change the kernel design, such as kernel page table isolation, which separates the kernel memory space between kernel and user modes to mitigate Meltdown, and address space isolation, which segregates the virtualization features from the kernel memory space to mitigate Foreshadow. However, user processes still share the remaining kernel features in the same kernel memory space, and the speculative execution exploited by Foreshadow allows an adversary to refer to the kernel data of a targeted user process through those kernel features. This paper presents a dedicated kernel memory mechanism (DKMM), which controls how the memory space used by kernel features is allocated for each user process. It mitigates Foreshadow side-channel attacks (e.g., Foreshadow-OS) that rely on speculative execution. Furthermore, it gives each user process its own dedicated kernel memory space and suppresses references, via the Foreshadow side channel, to the kernel data of the kernel features used by the targeted user process. We implemented the DKMM on Linux and evaluated its ability to protect the kernel data of container features against side-channel attacks using the Foreshadow proof-of-concept code. The performance overhead was reasonable: the maximum system call overhead was 7.864 µs, the overhead for a web client program ranged from 0.55% to 0.77% over 100,000 Hypertext Transfer Protocol sessions, and the benchmark score showed a 1.06% overhead.