[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BANLkTi=8989N7JR_d7OVYWKnh_DVut_P9A@mail.gmail.com>
Date: Mon, 9 May 2011 11:58:41 +0200
From: Piotr Bania <bania.piotr@...il.com>
To: dailydave@...ts.immunitysec.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: PAPER: Securing The Kernel via Static Binary
Rewriting and Program Shepherding
ABSTRACT
Recent Microsoft security bulletins show that kernel vulnerabilities are
becoming more and more important security threats. Despite the pretty
extensive security mitigations many of the kernel vulnerabilities are
still exploitable. Successful kernel exploitation typically grants the
attacker maximum privilege level and results in total machine
compromise.
To protect against kernel exploitation, we have developed a tool which
statically rewrites the Microsoft Windows kernel as well as other kernel
level modules. Such rewritten binary files allow us to monitor control
flow transfers during operating system execution. At this point we are
able to detect whether selected control transfer flow is valid or should
be considered as an attack attempt. Our solution is especially directed
towards preventing remote kernel exploitation attempts. Additionally,
many of the local privilege escalation attacks are also blocked (also
due to additional mitigation techniques we have implemented). Our tool
was tested with Microsoft Windows XP, Windows Vista and Windows 7 (under
both virtual and physical machines) on IA-32 compatible processors. Our
apparatus is also completely standalone and does not require any third
party software.
LINK TO THE PAPER:
http://www.piotrbania.com/all/articles/pbania-securing-the-kernel2011.pdf
Some initial working results in form of video/picture:
1) http://piotrbania.com/all/trash/q_vs_ms10-073.png
2) http://vimeo.com/22189008
best regards,
pb
--
--------------------------------------------------------------------
Piotr Bania - <bania.piotr@...il.com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33
http://www.piotrbania.com - Key ID: 0xBE43AC33
--------------------------------------------------------------------
- "The more I learn about men, the more I love dogs."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists