Date:      Thu, 20 Mar 2014 11:16:33 +0100
From:      Oliver Pinter <oliver.pntr@gmail.com>
To:        freebsd-hackers@freebsd.org
Cc:        gavin@freebsd.org
Subject:   GSoC proposal: Implement Intel SMAP and kernel patching framework
Message-ID:  <CAPjTQNG4UoT=6ChyQj9uY=b9W2KuGSeZzpDwJEMBONKmkpHTOw@mail.gmail.com>

Hi All!

Below is my proposal:

Organization: FreeBSD

Short description: In the first phase, I want to implement the Intel SMAP
(Supervisor Mode Access Prevention) technology for the x86-64
architecture. In the second phase, I plan to implement a boot/load time
kernel and kernel module patching (instruction patching) framework.

* General Information:
** e-mail: oliver.pntr AT gmail.com
** phone: XX
** IRC: _op_@OFTC
** IRC: _op_@EFNet
** IRC: _op_@irc.atw.hu
** linkedin: http://hu.linkedin.com/in/oliverpinter/
** availability: ~30 hrs/week


* Biography:
I am Oliver Pinter, an MSc student from Budapest University of
Technology and Economics (BUTE). I'm in the Security of
Telecommunication Systems specialization at the Crysys Laboratory. In 2008 I
maintained a stable Linux kernel tree: http://repo.or.cz/w/linux-2.6.22.y-op.git .
In my BSc thesis I investigated some aspects of Intel SMAP in contact
with Intel (see linkedin or google://freebsd+intel+smap). Currently I am
part of BUTE's Crysys Laboratory (www.crysys.hu) .


* Short Description:
** In the first phase, I want to implement the Intel SMAP (Supervisor Mode
Access Prevention) technology for the x86-64 architecture. In the second
phase, I plan to implement a boot/load time kernel and kernel module
patching framework.


* Project Title:
** Implement Intel SMAP and kernel patching framework


* Project Description:
** Intel SMAP is a hardware extension to support advanced kernel
self-protection. The SMAP technology will prevent unintended data
access from the kernel to userland memory. The technology will appear in
the Intel Broadwell architecture in 2014Q2/Q3. Currently there is an
emulator - namely QEMU with TCG - which supports this technology.
** Runtime kernel/kernel module patching is required, otherwise the
processor will fail when processing an unknown instruction. Newer
processors introduce newer instructions which didn't exist on older
ones. To solve this situation, this framework makes the kernel and
kernel modules self-modifiable in a common way.
** http://software.intel.com/sites/default/files/319433-014.pdf
** http://forums.grsecurity.net/viewtopic.php?f=7&t=3046
** https://lwn.net/Articles/517475/
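
An added illustration of the phase #2 idea, not code from this proposal or from FreeBSD: a user-space C model of a boot-time alternatives table. Slots in the code image hold a safe fallback (a NOP, or the older XSAVE) and are overwritten with STAC/CLAC or XSAVEOPT only when the CPU reports the feature, so one image never executes an instruction the processor lacks. The feature flags, the slot layout and the function names are hypothetical; the opcode bytes are the Intel SDM encodings.

```c
#include <stdint.h>
#include <string.h>

/* Constructed feature flags for this example, not real CPUID bit positions. */
#define FEAT_SMAP     (1u << 0)
#define FEAT_XSAVEOPT (1u << 1)

/* A patch site: a slot in the code image that holds a safe fallback (NOP or
 * the older instruction) and is overwritten only when the CPU has the feature. */
struct alt_entry { size_t offset; uint32_t feature; const uint8_t *repl; size_t len; };

/* Encodings from the Intel SDM: STAC 0F 01 CB, CLAC 0F 01 CA, XSAVEOPT m 0F AE /6. */
static const uint8_t STAC[]     = { 0x0F, 0x01, 0xCB };
static const uint8_t CLAC[]     = { 0x0F, 0x01, 0xCA };
static const uint8_t XSAVEOPT[] = { 0x0F, 0xAE, 0x37 };  /* XSAVEOPT [rdi] */

/* Constructed "kernel text": a copyin-style sequence around an XSAVE. */
static const uint8_t kernel_text[] = {
    0x0F, 0x1F, 0x00,  /* slot @0: 3-byte NOP, becomes STAC when SMAP is present */
    0x0F, 0xAE, 0x27,  /* slot @3: XSAVE [rdi], becomes XSAVEOPT when available */
    0x0F, 0x1F, 0x00,  /* slot @6: 3-byte NOP, becomes CLAC when SMAP is present */
};
static const struct alt_entry alt_table[] = {
    { 0, FEAT_SMAP,     STAC,     3 },
    { 3, FEAT_XSAVEOPT, XSAVEOPT, 3 },
    { 6, FEAT_SMAP,     CLAC,     3 },
};

/* Apply every entry whose feature the CPU advertises; unmatched slots keep their
 * fallback. A real kernel must make the text writable around this and serialise
 * the instruction stream afterwards. Returns sites patched, or -1 on a bad entry. */
int apply_alternatives(uint8_t *text, size_t text_len, uint32_t features)
{
    int patched = 0;
    for (size_t i = 0; i < sizeof alt_table / sizeof alt_table[0]; i++) {
        const struct alt_entry *e = &alt_table[i];
        if (e->offset > text_len || e->len > text_len - e->offset)
            return -1;                      /* entry would write past the image */
        if ((features & e->feature) != e->feature)
            continue;                       /* feature absent: keep the fallback */
        memcpy(text + e->offset, e->repl, e->len);
        patched++;
    }
    return patched;
}

/* Patch a private copy of kernel_text; return the byte at off, or -1 on error. */
int patched_byte(uint32_t features, size_t off)
{
    uint8_t copy[sizeof kernel_text];
    memcpy(copy, kernel_text, sizeof copy);
    if (off >= sizeof copy || apply_alternatives(copy, sizeof copy, features) < 0)
        return -1;
    return copy[off];
}
```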

* Deliverables:
** phase #1:
    - Improved security of the FreeBSD kernel on future x86-64 processors
** phase #2:
    - generic framework for boot-time/runtime kernel image and kernel
module patching
    - eliminate hackish "manual" instruction patching:
http://svnweb.freebsd.org/base/head/sys/amd64/amd64/cpu_switch.S?r1=238450&r2=238449&pathrev=238450


* Test Plan:
** phase #1 - SMAP:
    - create a VM image
    - write vulnerable kernel module and PoC, and test
    - test in qemu with SMAP emulation
** phase #2 - kernel patching:
    - create a VM image
    - boot test in qemu
    - kernel module test in qemu
    - test in qemu with enabled SMAP
    - test on real hardware with XSAVE/XSAVEOPT
    - stress test


* Schedule:
** phase #1:
    May 19 - May 25:    update Intel SMAP knowledge
    May 26 - June 8:    update relevant FreeBSD kernel knowledge
    June 9 - June 15:   implement/refine trap handler and add/refine
                        required code to relevant parts of the kernel
    June 16 - June 22:  test and fix
** phase #2:
    June 13 - June 29:  identify the required places to modify in the
                        booting process and kernel module loading process
    June 30 - July 6:   design the kernel patching framework
    July 7 - July 20:   implement the kernel patching framework
    July 21 - July 27:  adapt XSAVE and SMAP instructions to the new framework
    July 28 - EoC:      test, test, fix, test