KShot: Live Kernel Patching with SMM and SGX

Authors

Lei Zhou, Southern University of Science and Technology
Fengwei Zhang, Southern University of Science and Technology
Jinghui Liao, Wayne State University
Zhengyu Ning, Southern University of Science and Technology
Jidong Xiao, Boise State UniversityFollow
Kevin Leach, University of Michigan
Westley Weimer, University of Michigan
Guojun Wang, Guangzhou University

Document Type

Conference Proceeding

Publication Date

2020

Abstract

Live kernel patching is an increasingly common trend in operating system distributions, enabling dynamic updates to include new features or to fix vulnerabilities without having to reboot the system. Patching the kernel at runtime lowers downtime and reduces the loss of useful state from running applications. However, existing kernel live patching techniques (1) rely on specific support from the target operating system, and (2) admit patch failures resulting from kernel faults. We present KSHOT, a kernel live patching mechanism based on x86 SMM and Intel SGX that focuses on patching Linux kernel security vulnerabilities. Our patching processes are protected by hardware-assisted Trusted Execution Environments. We demonstrate that our technique can successfully patch vulnerable kernel functions at the binary-level without support from the underlying OS and regardless of whether the kernel patching mechanism is compromised. We demonstrate the applicability of KSHOT by successfully patching 30 critical indicative kernel vulnerabilities.

Publication Information

Zhou, Lei; Zhang, Fengwei; Liao, Jinghui; Ning, Zhengyu; Xiao, Jidong; Leach, Kevin; Weimer, Westley; and Wang, Guojun. (2020). "KShot: Live Kernel Patching with SMM and SGX". In 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (pp. 1-13). https://doi.org/10.1109/DSN48063.2020.00021