HART: Hardware-Assisted Kernel Module Tracing on Arm

Yunlan Du, Zhenyu Ning, Jun Xu, Zhilong Wang, Yueh Hsun Lin, Fengwei Zhang, Xinyu Xing, Bing Mao
DOI: https://doi.org/10.1007/978-3-030-58951-6_16
2020-01-01
Abstract: While the usage of kernel modules has become more prevalent from mobile to IoT devices, it poses an increased threat to computer systems since the modules enjoy the same high privileges as the main kernel but lack the matching robustness and security. In this work, we propose HART, a modular and dynamic tracing framework enabled by the Embedded Trace Macrocell (ETM) debugging feature in Arm processors. Powered by even the minimum support of ETM, HART can efficiently trace binary-only modules without any modification to the main kernel, and can plug and play on any module at any time. In addition, HART provides convenient interfaces for users to further build tracing-based security solutions, such as the modular AddressSanitizer HASAN that we demonstrate. Our evaluation shows that HART and HASAN incur average overheads of 5% and 6% on 6 widely-used benchmarks, and HASAN detects all vulnerabilities of various types, proving their efficiency and effectiveness.