{"id":217050,"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00217050","sets":["1164:3925:10844:10845"]},"path":["10845"],"owner":"44499","recid":"217050","title":["カーネルにおけるMemory Protection Keyを用いたカーネルデータ保護機構の拡張性検討と性能評価"],"pubdate":{"attribute_name":"公開日","attribute_value":"2022-03-03"},"_buckets":{"deposit":"cd4ce0ea-238f-4c91-94b3-db69e3d204ff"},"_deposit":{"id":"217050","pid":{"type":"depid","value":"217050","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"カーネルにおけるMemory Protection Keyを用いたカーネルデータ保護機構の拡張性検討と性能評価","author_link":["561520","561519"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"カーネルにおけるMemory Protection Keyを用いたカーネルデータ保護機構の拡張性検討と性能評価"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"システム設計・実装","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2022-03-03","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"神戸大学大学院工学研究科"},{"subitem_text_value":"岡山大学学術研究院自然科学学域"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Department of Electrical and Electronic Engineering, Graduate School of Engineering, Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Natural Science and Technology, Okayama University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/217050/files/IPSJ-CSEC22096014.pdf","label":"IPSJ-CSEC22096014.pdf"},"date":[{"dateType":"Available","dateValue":"2024-03-03"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC22096014.pdf","filesize":[{"value":"868.8 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"35b4be12-06fd-4052-a815-2e23668e17b1","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2022 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"葛野, 弘樹"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"山内, 利宏"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"オペレーティングシステムカーネルへの攻撃として，カーネル脆弱性を利用したメモリ破壊によるカーネルデータの改ざんが知られている．メモリ破壊により，特権昇格攻撃やセキュリティ機能の無効化が可能とされている．カーネルへの攻撃困難化として，KCoFI によるカーネルコードの実行順序の検査，KASLR によるカーネルコード，およびカーネルデータの仮想アドレス配置のランダム化がある．しかし，これらのセキュリティ機構では，カーネルデータへの書込みは禁止されない．カーネル脆弱性の利用に成功した場合，カーネルデータは依然として改ざん可能であり，特権昇格やセキュリティ機能が無効化される可能性は存在する．我々はカーネルにおいて特定のカーネルデータを保護するセキュリティ機構を提案しており，Memory Protection Key（MPK）を利用し，カーネルデータへの書込み制限制御を可能としている．本稿では，先に提案したセキュリティ機構によるユーザプロセスの権限情報の保護機能の整理，ならびに，提案しているセキュリティ機構の拡張性を検討し，書き込み制限対象領域の細粒度化と負荷低減のための機能について考察を進めた．提案方式は，MPK を利用可能なエミュレータ上の Linux にて実現しており，権限情報保護機能の性能評価として，システムコール呼出しに対して 2.96% から 9.01% のオーバヘッドであること，ならびに MPK 操作にかかる性能負荷を計測した．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ（CSEC）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2022-03-03","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"14","bibliographicVolumeNumber":"2022-CSEC-96"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"updated":"2025-01-19T15:38:32.729796+00:00","created":"2025-01-19T01:17:33.481942+00:00","links":{}}