Literature Database Entry

gerhorst2024verifence

Luis Gerhorst, Henriette Herzog, Peter Wägemann, Maximilian Ott, Rüdiger Kapitza and Timo Hönig, "VeriFence: Lightweight and Precise Spectre Defenses for Untrusted Linux Kernel Extensions," Proceedings of 27th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2024), Padova, Italy, September 2024, pp. 644–659.

Abstract

High-performance IO demands low-overhead communication between user- and kernel space. This demand can no longer be fulfilled by traditional system calls. Linux's extended Berkeley Packet Filter (BPF) avoids user-/kernel transitions by just-in-time compiling user-provided bytecode and executing it in kernel mode with near-native speed. To still isolate BPF programs from the kernel, they are statically analyzed for memory- and type-safety, which imposes some restrictions but allows for good expressiveness and high performance. However, to mitigate the Spectre vulnerabilities disclosed in 2018, defenses which reject potentially-dangerous programs had to be deployed. We find that this affects 31 % to 54 % of programs in a dataset with 844 real-world BPF programs from popular open-source projects. To solve this, users are forced to disable the defenses to continue using the programs, which puts the entire system at risk.To enable secure and expressive untrusted Linux kernel extensions, we propose VeriFence, an enhancement to the kernel's Spectre defenses that reduces the number of BPF application programs rejected from 54 % to zero. We measure VeriFence's overhead for all mainstream performance-sensitive applications of BPF (i.e., event tracing, profiling, and packet processing) and find that it improves significantly upon the status-quo where affected BPF programs are either unusable or enable transient execution attacks on the kernel.

Quick access

Original Version DOI (at publishers web site)
BibTeX BibTeX

Contact

Luis Gerhorst
Henriette Herzog
Peter Wägemann
Maximilian Ott
Rüdiger Kapitza
Timo Hönig

BibTeX reference

@inproceedings{gerhorst2024verifence,
    author = {Gerhorst, Luis and Herzog, Henriette and W{\"{a}}gemann, Peter and Ott, Maximilian and Kapitza, R{\"{u}}diger and H{\"{o}}nig, Timo},
    doi = {10.1145/3678890.3678907},
    title = {{VeriFence: Lightweight and Precise Spectre Defenses for Untrusted Linux Kernel Extensions}},
    pages = {644--659},
    publisher = {ACM},
    address = {Padova, Italy},
    booktitle = {27th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2024)},
    month = {9},
    year = {2024},
   }
   
   

Copyright notice

Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.

The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or permissions@acm.org.

The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at www.springerlink.com.

This page was automatically generated using BibDB and bib2web.

Last modified: 2026-04-30