Message-ID: <BANLkTi=8989N7JR_d7OVYWKnh_DVut_P9A@mail.gmail.com>
Date: Mon, 9 May 2011 11:58:41 +0200
From: Piotr Bania <bania.piotr@...il.com>
To: dailydave@...ts.immunitysec.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: PAPER: Securing The Kernel via Static Binary
	Rewriting and Program Shepherding

ABSTRACT

Recent Microsoft security bulletins show that kernel vulnerabilities are
becoming more and more important security threats. Despite the pretty
extensive security mitigations, many of the kernel vulnerabilities are
still exploitable. Successful kernel exploitation typically grants the
attacker maximum privilege level and results in total machine
compromise.

To protect against kernel exploitation, we have developed a tool which
statically rewrites the Microsoft Windows kernel as well as other kernel
level modules. Such rewritten binary files allow us to monitor control
flow transfers during operating system execution. At this point we are
able to detect whether a selected control transfer flow is valid or should
be considered as an attack attempt. Our solution is especially directed
towards preventing remote kernel exploitation attempts. Additionally,
many of the local privilege escalation attacks are also blocked (also
due to additional mitigation techniques we have implemented). Our tool
was tested with Microsoft Windows XP, Windows Vista and Windows 7 (under
both virtual and physical machines) on IA-32 compatible processors. Our
apparatus is also completely standalone and does not require any third
party software.


LINK TO THE PAPER:
http://www.piotrbania.com/all/articles/pbania-securing-the-kernel2011.pdf



Some initial working results in the form of video/picture:
1) http://piotrbania.com/all/trash/q_vs_ms10-073.png
2) http://vimeo.com/22189008

best regards,
pb


-- 
--------------------------------------------------------------------
Piotr Bania - <bania.piotr@...il.com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A  BFA4 1FF6 689F BE43 AC33
http://www.piotrbania.com  - Key ID: 0xBE43AC33
--------------------------------------------------------------------

               - "The more I learn about men, the more I love dogs."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
