Operating systems strengthen proactive protection: Digital intelligence now has a 'secure foundation'

11/21 2024

A fascinating viewpoint circulates among developers: approximately every 20 years, operating systems experience a leapfrogging development opportunity.

From mainframes in the 1960s to personal computers in the 1980s, and the rise of the internet at the turn of the century, all align with this viewpoint: as a bridge between software and hardware, operating systems continuously spawn new applications, creating new blue oceans.

The ongoing wave of digitization and intelligence has already demonstrated exponential growth in application scenarios, once again validating the '20-year cycle' of operating systems.

Unlike the past, digital intelligence is often prefixed with 'industry,' carrying the mission of productivity leapfrogging and in-depth industrial transformation. As the 'foundation' of industrial digital intelligence, operating systems must not only have a thriving ecosystem but also deliver high marks on security.

01 'Security Wins the World'

Back in 1991, 21-year-old Linus Torvalds wrote a kernel with 10,000 lines of code, choosing to name it 'GNU/Linux' under the GPL agreement and GNU principles.

Over the following years, developers worldwide extensively modified and supplemented Linus' kernel code, adding missing components like GUIs (graphical user interfaces) and applications, gradually forming a comprehensive operating system known as Linux.

While many consumers may be less familiar with Linux than Windows, Android, or iOS, Linux holds over 90% market share in servers and data centers, with over half of Microsoft Azure instances running Linux virtual machines.

It's no exaggeration to say that nearly the entire digital world runs on Linux.

Why does the server market, which prioritizes security, favor open-source Linux? After extensive research, we found two answers.

The first is openness.

Since Linux is open-source, anyone can freely view, modify, and redistribute its source code. This gives Linux high flexibility and customizability, and it has led to Linux-based distributions such as Ubuntu, Red Hat, Debian, and CentOS, to domestic open-source operating systems such as openEuler, and to commercial distributions built on openEuler such as Yinhe Kylin, Tongxin UOS, and Qilin Xin'an.

The second is security.

To quote Eric Raymond, author of 'The Cathedral and the Bazaar,' 'With many eyes, bugs are shallow.' Open-source software brings together developers from various fields, who passionately delve into code, making vulnerabilities easier to discover. Google reported in 2022 that vulnerabilities on Linux are fixed in an average of 25 days, compared to 69 days for Apple, 44 days for Google, and about three months for Microsoft.

However, security is relative. Despite open-source transparency, Linux-related security incidents have been frequent in recent years.

In 2017, a series of remote code execution vulnerabilities known as 'Phoenix Talon' was disclosed, including one critical and three high-severity vulnerabilities that could lead to DoS attacks and remote code execution. In 2021, the notorious 'Dirty Pipe' vulnerability allowed attackers to escalate privileges to root on default installations of Ubuntu, Debian, Fedora, CentOS, and other hosts.

As we enter 2024, operating systems are further integrating with AI. The openEuler open-source operating system proposes the concept of 'OS for AI, AI for OS,' comprehensively enhancing AI capabilities.

For instance, it disrupts traditional command-line interaction by training EulerCopilot on large models, initially enabling code-generation assistance, intelligent problem analysis, and auxiliary operations and maintenance. Through unified management and scheduling of heterogeneous resources, it achieves deep integration of CPUs and XPUs, effectively improving AI training and inference performance.

As operating systems accelerate their evolution towards AI, how can potential security threats be eliminated?

02 'From Ancient Warships to Aircraft Carriers'

For a long time, operating system security strategies focused on 'passive defense.'

As the Linux community long held, 'security bugs are just bugs,' which led to a long-term reliance on fixing bugs after the fact as the way to achieve security.

The issue is that while the 1991 Linux kernel had only 10,000 lines of code, the 6.6 kernel version surpassed 30 million lines. This vast codebase, combined with complex interactions between modules, results in frequent security vulnerabilities, with 710 disclosed in 2023 alone.

Even though open source excels in vulnerability discovery and repair efficiency, it takes an average of 60 days from the introduction of a vulnerability to its discovery, and over 20 days from discovery to patch. Moreover, 52% of patches do not fully resolve the vulnerability they address. Against this backdrop, proactive defense strategies have gradually become the consensus in open-source communities.

A notable example is the HAOC hybrid kernel developed by the Z-Park laboratory in collaboration with openEuler, which builds security into the system design itself.

Because Linux's monolithic kernel architecture is flat, with all modules sharing the same address space without isolation, a vulnerability in any module can compromise the entire kernel, which makes proactive defense strategies difficult to implement.

The Z-Park laboratory proposed the design concept of a hybrid kernel, attempting to establish systematic proactive protection:

First, the kernel structure was reconstructed into a central core layer, a general module layer, and a high-risk module layer.

The original kernel was moved to the general module layer, where it is protected through continuous randomization to raise the bar for exploit delivery. Critical data was moved to the central core layer, including system tables, authorization credentials, system keys, defense control policies, and sensitive instructions. Kernel extensions and device drivers were classified as high-risk modules, each isolated so that a compromise cannot propagate. Hardware mechanisms are used to isolate the layers from one another.

Next, critical data mimicry was implemented: the address layout of critical data is continuously randomized so that attackers cannot locate it.

While the hybrid kernel addresses lateral movement of vulnerability threats, it faces a challenging hurdle: code interactions within the kernel are so frequent that isolation must add minimal overhead. The Z-Park laboratory analyzed hardware features for memory access and code debugging and used them to achieve low-overhead isolation within a layer, which it reports as a two-order-of-magnitude performance advantage over traditional isolation solutions.
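The central core layer described above keeps authorization credentials in a region that ordinary kernel code cannot write to, with hardware enforcing the boundary. The following user-space analogue, added here as an illustration and not code from HAOC or openEuler, shows the principle with the MMU primitives Linux exposes to processes: a constructed credential record is placed on its own page, the page is sealed read-only with mprotect, and only one sanctioned update path briefly reopens it. A stray write from "general module" code then faults instead of silently changing the uid. All names and the cred_record layout are assumptions for the example.

```c
/* Added illustration (not HAOC or openEuler code): user-space analogue of
 * keeping credentials in a hardware-protected region with a narrow write path.
 * Names and the cred_record layout are illustrative assumptions. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed credential record (stands in for the kernel's task credentials). */
struct cred_record {
    uint32_t uid;
    uint32_t gid;
    uint32_t caps;   /* illustrative capability bitmask */
};

static struct cred_record *g_cred = NULL;  /* lives alone on its own page */
static size_t g_page = 0;

/* Map a dedicated page for the credential record, fill it, then seal it
 * read-only. Returns 0 on success, -1 on failure. */
int cred_init(uint32_t uid, uint32_t gid, uint32_t caps) {
    g_page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, g_page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    g_cred = (struct cred_record *)p;
    g_cred->uid = uid;
    g_cred->gid = gid;
    g_cred->caps = caps;
    return mprotect(p, g_page, PROT_READ);  /* seal the page */
}

/* The only sanctioned write path: open the page, update, reseal it. */
int cred_set_uid(uint32_t new_uid) {
    if (mprotect(g_cred, g_page, PROT_READ | PROT_WRITE) != 0) return -1;
    g_cred->uid = new_uid;
    return mprotect(g_cred, g_page, PROT_READ);
}

uint32_t cred_get_uid(void) { return g_cred->uid; }

/* Fault trap so a blocked write can be observed instead of killing the process. */
static sigjmp_buf g_jmp;
static void on_segv(int sig) { (void)sig; siglongjmp(g_jmp, 1); }

/* Simulates buggy general-module code writing uid=0 directly, bypassing
 * cred_set_uid. Returns 1 if the MMU blocked the write (SIGSEGV raised),
 * 0 if the write went through. */
int stray_write_blocked(void) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old);
    int blocked;
    if (sigsetjmp(g_jmp, 1) == 0) {
        volatile uint32_t *p = &g_cred->uid;
        *p = 0;          /* direct write to the sealed page */
        blocked = 0;     /* only reached if protection did not hold */
    } else {
        blocked = 1;     /* we arrived here via the SIGSEGV handler */
    }
    sigaction(SIGSEGV, &old, NULL);
    return blocked;
}

int main(void) {
    if (cred_init(1000, 1000, 0) != 0) return 1;
    printf("stray write blocked: %d\n", stray_write_blocked());
    printf("uid after stray write: %u\n", cred_get_uid());
    if (cred_set_uid(1001) != 0) return 1;
    printf("uid after sanctioned update: %u\n", cred_get_uid());
    return 0;
}
```

The point of the sanctioned path is that every change to the record goes through one auditable function, which is where a real design would add checks and logging. Inside a kernel the same idea relies on hardware features rather than mprotect, and the page's two-order-of-magnitude claim concerns exactly how cheaply that boundary can be crossed.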

Wu Chenggang, a researcher at the Z-Park laboratory and the Institute of Computing Technology, Chinese Academy of Sciences, used an apt metaphor in his keynote speech at the Operating System Conference 2024: 'The flat monolithic kernel architecture is like an ancient warship, easily attacked by intruders, whereas the hybrid kernel resembles a modern aircraft carrier with many compartments, making attacks much more difficult.'

Much like the combat effectiveness of modern aircraft carriers, the HAOC kernel provides security options including central core, isolated execution protection, system key protection, policy protection, page table protection, credential protection, kernel extension isolation, and driver isolation, earning high recognition from the Linux eBPF Foundation.

03 China's Paradigm in Open Source

In early June 2024, the first AI-native open-source operating system, openEuler 24.03 LTS, was officially released, featuring upgrades to intelligent solutions and integrating the HAOC kernel 1.0.

After nearly half a year of market validation, new opportunities and applications stemming from architectural innovations are gradually emerging:

For instance, formal verification of code is theoretically challenging for the Linux kernel's 30 million lines of code. However, the hybrid structure partitions the kernel, making formal verification feasible.

Additionally, the hybrid kernel combines the performance advantages of a monolithic kernel with the security of a microkernel, presenting attractive application prospects in areas like intelligent and connected vehicles, low-altitude economy, and commercial aerospace.

At the Operating System Conference 2024, the HAOC kernel 2.0 was officially released, offering multiple capability upgrades over HAOC kernel 1.0:

1. Simultaneous kernel attack protection for both x86 and ARM architectures.

2. Security protection for page table structures, authorization credentials, access control policies, and keys, capable of blocking common kernel privilege escalation attacks.

3. Isolation and control of high-risk drivers to prevent security risks from spreading to the core kernel.

4. A 20% performance improvement over HAOC kernel 1.0.

Regarding the future development of the HAOC kernel, Wu Chenggang outlined a clear roadmap: further explore intra-layer security enhancement techniques for the hybrid kernel architecture; continue exploring hardware-software co-isolation technologies; validate and explore high-level formal methods; and phase mature hybrid kernel technologies into the community, contributing the hybrid isolation framework to openEuler and the intra-layer enhancements to mainline Linux.

The reasons are straightforward.

The kernel is the foundation of operating system security; if it is compromised, attackers may gain the highest level of control over the system. Actively participating in open-source operating system development and collaborating with global developers to advance hybrid kernel innovations and applications is arguably the only way to build a secure foundation for digital intelligence.

Almost simultaneously, core contributors from Huawei in the openEuler community officially became CVE review members of the Linux kernel community. They participate directly in CVE reviews, improving the quality of CVE identification at the source, keeping abreast of CVE information, and further strengthening the openEuler community's ability to respond to high-risk vulnerabilities.

Image: CVE Review Team, Linux Kernel Community

Whether it's the architectural innovation of the hybrid kernel or deep involvement in Linux kernel vulnerability reviews, both signal the rise of China's open-source power.

In the openEuler community, over 20,000 developers and organizations such as the Z-Park laboratory have formed 109 technical interest groups, made 2,446 technical decisions, merged 194,678 code contributions, and participated in 588 innovation projects, contributing significantly to the prosperity and progress of the global open-source community.

A report by IDC, a globally renowned market research firm, corroborates this: In 2024, openEuler will account for 50% of China's new server operating system market. In the five years since its inception, openEuler installations have surpassed 10 million, with 5 million new installations expected in 2024 alone.

This also signifies that Chinese developers and organizations are transitioning from participants to builders and even leaders in the open-source community, continuously enhancing their voice in the operating system field.

04 Closing Remarks

Over 30 years ago, thousands of developers worldwide, through community communication and collaboration, miraculously created a world-class operating system.

Over 30 years later, as the world enters the era of digital intelligence and urgently needs a 'secure foundation,' there is once again a group of developers silently contributing their efforts. The difference is that this time, there are more Chinese faces, particularly in the core area of the kernel, showcasing China's innovation and wisdom to the world.
