Return-oriented rootkits: bypassing kernel code integrity protection mechanisms

Authors: Felix C. Freiling, Ralf Hund, Thorsten Holz

Keywords: Protection mechanism, Computer security, Software portability, Computer science, Return-oriented programming, Rootkit

Abstract: Protecting the kernel of an operating system against attacks, especially injection of malicious code, is an important factor for implementing secure systems. Several integrity protection mechanisms were proposed recently that all have a particular shortcoming: they cannot protect against attacks in which the attacker re-uses existing code within the kernel to perform computations. In this paper, we present the design and implementation of a system that fully automates the process of constructing instruction sequences that can be used by an attacker. We evaluate it on different commodity systems and show the portability and universality of our approach. Finally, we describe a practical attack that can bypass these mechanisms.
