Kruiser: Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring

Author(s): Donghai Tian, Qiang Zeng, Dinghao Wu, Peng Liu and Changzhen Hu

Download: Paper (PDF)

Date: 8 Feb 2012

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2012

Abstract:

This paper presents Kruiser, a concurrent kernel heap buffer overflow monitor. Leveraging the multi-core architectures, Kruiser migrates security enforcement from the kernel’s normal execution to a concurrent monitor process, which is protected using contemporary virtualization features. To reduce the synchronization overhead between the monitor process and the running kernel, Kruiser adopts a novel semi-synchronized non-blocking monitoring algorithm.