Full Disclosure mailing list archives

PAPER: Securing The Kernel via Static Binary Rewriting and Program Shepherding


From: Piotr Bania <bania.piotr () gmail com>
Date: Mon, 9 May 2011 11:58:41 +0200

ABSTRACT

Recent Microsoft security bulletins show that kernel vulnerabilities are
becoming more and more important security threats. Despite the pretty
extensive security mitigations, many of the kernel vulnerabilities are
still exploitable. Successful kernel exploitation typically grants the
attacker the maximum privilege level and results in total machine
compromise.

To protect against kernel exploitation, we have developed a tool which
statically rewrites the Microsoft Windows kernel as well as other kernel
level modules. Such rewritten binary files allow us to monitor control
flow transfers during operating system execution. At this point we are
able to detect whether a selected control flow transfer is valid or should
be considered an attack attempt. Our solution is especially directed
towards preventing remote kernel exploitation attempts. Additionally,
many of the local privilege escalation attacks are also blocked (also
due to additional mitigation techniques we have implemented). Our tool
was tested with Microsoft Windows XP, Windows Vista and Windows 7 (on
both virtual and physical machines) on IA-32 compatible processors. Our
apparatus is also completely standalone and does not require any third
party software.


LINK TO THE PAPER:
http://www.piotrbania.com/all/articles/pbania-securing-the-kernel2011.pdf



Some initial working results, in the form of a video/picture:
1) http://piotrbania.com/all/trash/q_vs_ms10-073.png
2) http://vimeo.com/22189008

best regards,
pb


-- 
--------------------------------------------------------------------
Piotr Bania - <bania.piotr () gmail com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A  BFA4 1FF6 689F BE43 AC33
http://www.piotrbania.com  - Key ID: 0xBE43AC33
--------------------------------------------------------------------

               - "The more I learn about men, the more I love dogs."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
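To illustrate the kind of check a rewritten kernel can perform at each monitored control transfer (the "program shepherding" idea the abstract describes), here is an added example that is not code from the paper or from the author's tool. The module ranges, the 2 GB kernel/user split, the function entry sets and the transfer log are all constructed for illustration; the real tool's policy and instrumentation are not described on this page.

```python
"""Control-transfer validation in the spirit of program shepherding.

Added example; not code from the paper or its tool. All addresses,
module layouts and the transfer log below are constructed.
"""
from dataclasses import dataclass

KERNEL_BASE = 0x80000000  # constructed: assumes the classic IA-32 2 GB split


@dataclass(frozen=True)
class Module:
    name: str
    text_start: int
    text_end: int          # exclusive end of the code section
    entries: frozenset     # function entry points known from static analysis

    def contains(self, addr):
        return self.text_start <= addr < self.text_end


def check_transfer(kind, src, dst, modules):
    """Return (allowed, reason) for one transfer of kind 'call', 'jmp' or 'ret'.

    Simplified policy a shepherding monitor could enforce:
      1. kernel code never transfers control to user-mode addresses,
      2. every target must lie inside a known module's code section,
      3. indirect call/jmp targets must be known function entry points.
    """
    if dst < KERNEL_BASE:
        return False, "target in user-mode address space"
    target = next((m for m in modules if m.contains(dst)), None)
    if target is None:
        return False, "target outside any loaded module's code section"
    if kind in ("call", "jmp") and dst not in target.entries:
        return False, "indirect target is not a function entry in " + target.name
    return True, "ok"


def shepherd(transfers, modules):
    """Apply the policy to a log of (kind, src, dst); return one verdict per entry."""
    return [(t, *check_transfer(*t, modules)) for t in transfers]


# Constructed module map and transfer log (not from any real system).
MODULES = [
    Module("ntoskrnl.exe", 0x80400000, 0x80600000, frozenset({0x80401000, 0x80402000})),
    Module("win32k.sys", 0xBF800000, 0xBF900000, frozenset({0xBF801000})),
]
TRANSFERS = [
    ("call", 0x80401010, 0x80402000),  # ordinary call to a known kernel function
    ("ret", 0x80402040, 0x80401020),   # return into the caller's body
    ("call", 0x80401030, 0xBF801000),  # cross-module call to a known entry
    ("call", 0xBF801050, 0x00401000),  # user-mode target: typical exploit payload
    ("jmp", 0x80401040, 0x80401234),   # indirect jump into the middle of a function
    ("ret", 0x80402050, 0x80700000),   # return into memory that is not module code
]
```

Running `shepherd(TRANSFERS, MODULES)` allows the first three transfers and rejects the last three, each with the reason the policy rule gives.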