Syscall Attacks on PKU-based Isolation Systems (Graz University of Technology)


This technical paper titled “Jenny: Securing Syscalls for PKU-based Memory Isolation Systems” was presented by researchers at Graz University of Technology (Austria) at the USENIX Security Symposium in Boston in August 2022.

“Effective syscall filtering is a key component for withstanding the numerous exploitation techniques and privilege escalation attacks we face today. For example, modern browsers use sandboxing techniques with syscall filtering in order to isolate critical code. Cloud computing heavily uses containers, which virtualize the syscall interface. Recently, cloud providers are switching to in-process containers for performance reasons, calling for better isolation primitives. A new isolation primitive that has the potential to fill this gap is called Protection Keys for Userspace (PKU). Unfortunately, prior research highlights severe deficiencies in how PKU-based systems manage syscalls, questioning their security and practicability.

In this work, we comprehensively investigate syscall filtering for PKU-based memory isolation systems. First, we identify new syscall-based attacks that can break a PKU sandbox. Second, we derive syscall filter rules necessary for protecting PKU domains and show efficient ways of enforcing them. Third, we do a comparative study on different syscall interposition techniques with respect to their suitability for PKU, which allows us to design a secure syscall interposition technique that is both fast and flexible.

We design and prototype Jenny– a PKU-based memory isolation system that provides powerful syscall filtering capabilities in userspace. Jenny supports various interposition techniques (e.g., seccomp and ptrace), and allows for domain-specific syscall filtering in a nested way. Furthermore, it handles asynchronous signals securely. Our evaluation shows a minor performance impact of 0–5% for nginx.”

Find the technical paper here (prepublication).

David Schrammel, Samuel Weiser, Richard Sadek, and Stefan Mangard, Graz University of Technology

Chip Backdoors: Assessing The Threat
Steps are being taken to minimize problems, but they will take years to implement.
Security Risks Widen With Commercial Chiplets
Choosing components from a multi-vendor menu holds huge promise for reducing costs and time-to-market, but it’s not as simple as it sounds.
Chip Substitutions Raising Security Concerns
Lots of unknowns will persist for decades across multiple market segments.
Standardizing Chiplet Interconnects
Why UCIe is so important for heterogeneous integration.
More technical papers on security

Leave a Reply

(Note: This name will be displayed publicly)