{"created":"2025-01-19T01:04:39.499740+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00201387","sets":["6164:6165:6462:10022"]},"path":["10022"],"owner":"44499","recid":"201387","title":["カーネル仮想記憶空間における排他的ページ参照によるカーネルの攻撃耐性の実現と評価"],"pubdate":{"attribute_name":"公開日","attribute_value":"2019-10-14"},"_buckets":{"deposit":"ffe985d1-f4d4-46ea-bbfe-3905d9648cf6"},"_deposit":{"id":"201387","pid":{"type":"depid","value":"201387","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"カーネル仮想記憶空間における排他的ページ参照によるカーネルの攻撃耐性の実現と評価","author_link":["492274","492276","492273","492275"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"カーネル仮想記憶空間における排他的ページ参照によるカーネルの攻撃耐性の実現と評価"},{"subitem_title":"Design and Implementation of Exclusive Page Reference Mechanism Mitigates Kernel Vulnerability Attack","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"ページ管理,仮想記憶空間,カーネル脆弱性,オペレーティングシステム,システムセキュリティ","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2019-10-14","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"岡山大学大学院自然科学研究科/セコム株式会社IS研究所"},{"subitem_text_value":"岡山大学大学院自然科学研究科"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Natural Science and Technology, Okayama University / Intelligent Systems Laboratory, SECOM Co., Ltd.","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Natural Science and Technology, Okayama University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/201387/files/IPSJCSS2019094.pdf","label":"IPSJCSS2019094.pdf"},"date":[{"dateType":"Available","dateValue":"2021-10-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2019094.pdf","filesize":[{"value":"1.5 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"36528f1d-e4ef-49e0-b33e-589748b37761","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2019 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"葛野, 弘樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"山内, 利宏"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Hiroki, Kuzuno","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Toshihiro, Yamauchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN 1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"オペレーティングシステムカーネルの仮想記憶空間は全てのプロセスで共有する管理方式が取られる.仮想化などのカーネル機能を利用するプロセスでは,CPU 
状態やセキュリティポリシをカーネルの仮想記憶空間に保存する.一部のプロセスからカーネルの脆弱性を利用した攻撃を想定した場合,他のプロセスの利用するカーネル仮想記憶空間領域は侵害される可能性がある.ハードウェアでは Trusted Execution Environment による物理記憶空間の分離,ならびに,ソフトウェアでは,カーネルモードとユーザモード,およびシステムコール単位にて仮想記憶空間を分離する手法が提案されている.既存手法ではプロセス毎にカーネルの仮想記憶空間において参照可能な記憶領域は明確に分離されず,依然としてカーネルへの攻撃により全てのプロセスで共有するカーネルの仮想記憶空間は攻撃の影響を受ける.本稿では,プロセス単位やカーネルの特定機能に対しカーネル仮想記憶空間を構成する特定ページを排他的に参照可能とする動的ページ管理機構を提案する.Linux にて提案を実現し,攻撃耐性と有効性を評価し,考察を行う.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"An operating system kernel shares a single kernel virtual memory space among all user processes. Some kernel features and the processes that use them (e.g., virtualization or containers) store virtual CPU state or security policy in that kernel virtual memory. A process controlled by an adversary that compromises the OS kernel through a kernel vulnerability can therefore overwrite the kernel-resident data of other processes. Existing kernel virtual memory isolation methods split the single kernel virtual memory space between user mode and kernel mode, or isolate it per system call invocation. Although these methods mitigate suspicious activity by an adversary's process across the user-mode to kernel-mode boundary, the pages of kernel virtual memory that user processes can reference remain shared among all of them. In this paper, we propose a novel mechanism that provides an exclusive page reference feature: it lets a user process (or a specific kernel feature) keep pages in kernel virtual memory that no other process can reference. 
The mechanism is implemented and evaluated on the Linux kernel that was current at the time of writing (2019), followed by a discussion of its kernel attack mitigation capability.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"667","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2019論文集"}],"bibliographicPageStart":"660","bibliographicIssueDates":{"bibliographicIssueDate":"2019-10-14","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2019"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":201387,"updated":"2025-01-19T21:03:41.769679+00:00","links":{}}