"Hardware-assisted live kernel function updating on Intel platforms" by Lei ZHOU, Fengwei ZHANG et al.
 

Publication Type

Journal Article

Version

publishedVersion

Publication Date

1-2024

Abstract

Traditional kernel updates such as perfective maintenance and vulnerability patching require shutting the system down, disrupting continuous execution of applications. Enterprises and researchers have proposed various live updating techniques to patch the kernel with lower downtime to reduce the loss of useful uptime. However, existing kernel live update techniques either rely on specific support from the target OS, or are deployed in virtualized environments (i.e., systems running in virtual machines). In this article, we present KShot, a hardware-assisted live and secure kernel function update mechanism for native operating systems. By leveraging x86 SMM and Intel SGX, KShot runs in hardware-assisted Trusted Execution Environments and updates kernel functions at the binary level without relying on the underlying OS support. We demonstrate the applicability of KShot by successfully patching critical kernel vulnerabilities, upgrading base kernel functions and drivers nearly instantly and transparently. Our experimental results show that KShot incurs merely 70 microseconds downtime to update a one kilobyte binary and 18 MB memory overhead.

Keywords

Kernel function updating, system management mode, trusted execution environment, consistency, transparency

Discipline

Information Security

Research Areas

Information Systems and Management

Areas of Excellence

Digital transformation

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

21

Issue

4

First Page

2085

Last Page

2098

ISSN

1545-5971

Identifier

10.1109/TDSC.2023.3300101

Publisher

Institute of Electrical and Electronics Engineers

Additional URL

https://doi.org/10.1109/TDSC.2023.3300101
