Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path


Yiwen Li, Brendan Dolan-Gavitt, Sam Weber, and Justin Cappos, New York University

Virtual machines (VMs) that try to isolate untrusted code are widely used in practice. However, it is often possible to trigger zero-day flaws in the host Operating System (OS) from inside of such virtualized systems. In this paper, we propose a new security metric showing strong correlation between “popular paths” and kernel vulnerabilities. We verify that the OS kernel paths accessed by popular applications in everyday use contain significantly fewer security bugs than less-used paths. We then demonstrate that this observation is useful in practice by building a prototype system which locks an application into using only popular OS kernel paths. By doing so, we demonstrate that we can prevent the triggering of zero-day kernel bugs significantly better than three other competing approaches, and argue that this is a practical approach to secure system design.


@inproceedings {203209,
author = {Yiwen Li and Brendan Dolan-Gavitt and Sam Weber and Justin Cappos},
title = {{Lock-in-Pop}: Securing Privileged Operating System Kernels by Keeping on the Beaten Path},
booktitle = {2017 USENIX Annual Technical Conference (USENIX ATC 17)},
year = {2017},
isbn = {978-1-931971-38-6},
address = {Santa Clara, CA},
pages = {1--13},
url = {https://www.usenix.org/conference/atc17/technical-sessions/presentation/li-yiwen},
publisher = {USENIX Association},
month = jul
}
