BarriCCAde: Isolating Closed-Source Drivers with ARM CCA

Schulze SM, Lindenmeier C, Röckl J (2024)


Publication Language: English

Publication Type: Conference contribution

Publication year: 2024

Publisher: Institute of Electrical and Electronics Engineers, Inc.

Pages Range: 245-251

Conference Proceedings Title: 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Event location: Vienna AT

ISBN: 979-8-3503-6729-4

DOI: 10.1109/EuroSPW61312.2024.00033

Abstract

Due to the nature of monolithic kernels, a driver's vulnerability always results in a vulnerable kernel, as disastrous examples show. Some research aims to solve this issue by isolating drivers from the main kernel. The most promising approaches rely on virtualization techniques. However, as they usually require driver and kernel modification, they can only be applied to open-source drivers. As closed-source drivers are also standard these days, e.g., for GPUs or anti-cheat tools, we propose BarriCCAde, a new design for isolating even closed-source drivers from the kernel. Most notably, BarriCCAde allows driver isolation without adding a hypervisor to the TCB. Relying on upcoming confidential computing techniques, we only add small-scale memory protection components to our TCB. Contemporary approaches focus on deciding which of the kernel's resources the driver may access and how they can be synchronized between the kernel and the driver. However, one aspect mainly ignored is cases in which the driver misuses kernel resources it can access to attack the system, e.g., by crafting malicious inputs for kernel functions. To cover such cases, we integrate an eBPF-based filter into our system architecture, which allows a fine-granular specification of which kernel-level resource can be accessed in which way. We believe that BarriCCAde is an important step towards isolating future closed-source drivers and, thus, strengthening the confidentiality, integrity, and availability of future kernels.

How to cite

APA:

Schulze, S.M., Lindenmeier, C., & Röckl, J. (2024). BarriCCAde: Isolating Closed-Source Drivers with ARM CCA. In 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 245-251). Vienna, AT: Institute of Electrical and Electronics Engineers, Inc.

MLA:

Schulze, Sven Matti, Christian Lindenmeier, and Jonas Röckl. "BarriCCAde: Isolating Closed-Source Drivers with ARM CCA." Proceedings of the 9th IEEE European Symposium on Security and Privacy Workshops - EUROS&PW 2024, Vienna Institute of Electrical and Electronics Engineers, Inc., 2024. 245-251.
