Vasileios P. Kemerlis, Georgios Portokalidis, Angelos D. Keromytis, Network Security Lab, Department of Computer Science, Columbia University, USA. 21st USENIX Security Symposium (August, 2012)

Outline
- Why Return-to-user (ret2usr)?
- Threat model
- Protection with kGuard
- Implementation
- Evaluation
- Discussion and Future Work
(2012/8/10, A Seminar at Advanced Defense Lab)

Why Return-to-user (ret2usr)?
- Compile-time protection: ASLR, StackGuard, etc.
[Figure: an attacker-controlled user process and an administrator process both sit on top of the system kernel, which runs privileged machine code]

Another Reason
- NULL pointer dereference errors had not received significant attention; we usually see them as vulnerabilities for DoS attacks.
- But they may be used to gain privileges: CVE (Windows), CVE (Linux), CVE (FreeBSD), CVE (Linux, Android).

An example (CVE )
- If the socket descriptor belongs to a vulnerable protocol family, the value of the sendpage pointer in line 742 is set to NULL.

Previous Approaches
- Previous approaches to the problem are either impractical for deployment in certain environments or can be easily circumvented.
- Restricting mmap
  - Can be circumvented
- PaX
  - Platform and architecture specific
  - Performance

In this paper
- We present a lightweight solution to the problem.
- kGuard is a compiler plugin that augments kernel code with control-flow assertions (CFAs), which ensure that privileged execution remains within its valid boundaries and does not cross to user space.

Threat Model
- We ascertain that an adversary is able to completely overwrite, partially corrupt (e.g., zero out only certain bytes), or nullify control data that are stored inside the address space of the kernel.

Protection with kGuard
- We propose a defensive mechanism that builds upon inline monitoring and code diversification.
- kGuard is a cross-platform compiler plugin that enforces address space segregation,

CFA_R (transfer by register)

CFA_M (transfer by memory)
- Can be skipped for optimization
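A constructed C model of the two assertion types on the CFA_R and CFA_M slides, added here as an illustration and not taken from kGuard's own source: it assumes the 32-bit x86 3G/1G split (kernel space at or above 0xC0000000) and a tiny simulated kernel memory, and walks the NULL sendpage pointer from the CVE example through CFA_M.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed 3G/1G split of 32-bit x86 Linux: kernel text and data sit at or
 * above 0xC0000000, everything below belongs to user space. */
#define KERNEL_BASE 0xC0000000u
typedef uint32_t addr_t;

/* Constructed miniature "kernel memory": SLOTS pointer-sized words starting
 * at MEM_BASE, so CFA_M has somewhere to load a function pointer from. */
#define MEM_BASE 0xC0100000u
#define SLOTS 8u
static addr_t kmem[SLOTS];

/* Read one aligned word from the model memory; false if addr is outside it. */
static bool kmem_read(addr_t addr, addr_t *out) {
    if (addr < MEM_BASE || addr >= MEM_BASE + SLOTS * sizeof(addr_t) ||
        addr % sizeof(addr_t) != 0)
        return false;
    *out = kmem[(addr - MEM_BASE) / sizeof(addr_t)];
    return true;
}

/* CFA_R: the branch target is already in a register; confine the value. */
bool cfa_r(addr_t target) {
    return target >= KERNEL_BASE;
}

/* CFA_M: the target is loaded from memory (e.g. an ops-table entry). Confine
 * the location of the pointer first, then the value it holds; the location
 * check is what can be dropped as an optimization when it is known safe. */
bool cfa_m(addr_t slot) {
    addr_t target;
    if (!cfa_r(slot)) return false;              /* pointer lives in user space */
    if (!kmem_read(slot, &target)) return false; /* not backed by model memory */
    return cfa_r(target);
}

/* Constructed scenario modelled on the CVE slide: an ops table whose sendpage
 * entry was left NULL. Address 0 is user space, so the CFA refuses the branch.
 * Returns a bit mask of allowed calls (bit 0: sendmsg, bit 1: sendpage). */
unsigned sendpage_scenario(void) {
    kmem[0] = 0xC0123450u;   /* sendmsg: a legitimate kernel function */
    kmem[1] = 0;             /* sendpage: NULL */
    unsigned allowed = 0;
    if (cfa_m(MEM_BASE + 0)) allowed |= 1u;
    if (cfa_m(MEM_BASE + 4)) allowed |= 2u;
    return allowed;          /* 1: only sendmsg is permitted */
}
```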

Bypass Trampolines
- Like return-oriented programming
- It is possible to find an embedded opcode sequence that translates directly to a control branch in user space.

Code Diversification Against Bypasses
- Code inflation
  - Randomizing the starting address of the text segment
  - Inserting NOP sleds of random length at the beginning of each CFA

Code Diversification Against Bypasses (cont.)
- CFA motion

Implementation
- Implemented as a GCC plugin

Evaluation
- Our testbed consisted of a single host, equipped with two 2.66GHz quad-core Intel Xeon X5500 CPUs and 24GB of RAM, running Debian Linux v6 ("squeeze", with kernel v2.6.32).
- NOP sled before CFA: 0 ~

Preventing Real Attacks

Translation Overhead
- Kernel image size increased
  - x86: 3.5%
  - x86-64: 5.6%

Performance Overhead
- Macro benchmarks
  - Building a vanilla Linux kernel
  - MySQL v
    - Its own benchmark suite (sql-bench)
  - Apache v
    - Its utility ab and static HTML files

Macro Benchmark Result (overhead)

                   kGuard                     PaX
                   x86         x86-64         x86         x86-64
Building Kernel    1.03%       0.93%          1.26%       2.89%
sql-bench          0.93%       0.85%          1.16%       2.67%
ab                 0.001% – %  0.001% – 0.01% 0.01% – %   0.01% – %

Micro Benchmarks

Discussion and Future Work
- Custom violation handlers
- Persistent threats
- CFA motion at runtime
