KGuard: Lightweight kernel protection against return-to-user attacks

Proceedings of the 21st USENIX Security Symposium

Volumn , Issue , 2012, Pages 459-474

  Kemerlis, Vasileios P ^a   Portokalidis, Georgios ^a   Keromytis, Angelos D ^a  

^a Columbia University ^*  (United States)

Author keywords

[No Author keywords available]

Indexed keywords

64-BIT ARCHITECTURES; CONTROL FLOWS; EXECUTION PATHS; OPERATING SYSTEM KERNEL; REAL-LIFE APPLICATIONS; SPACE OVERHEAD; SPECIAL HARDWARE; SYSTEM CALLS;

LINUX;

EID: 85030776494     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (72)

1. Stack Shield. http://www.angelfire.com/sk/stackshield/, January 2000.
2. th ACM Conference on Computer and Communications Security (CCS) (2005), pp. 340–353.
3. th IEEE Symposium on Security and Privacy (S&P) (2008), pp. 263–277.
4. th ACM Conference on Computer and Communications Security (CCS) (2010), pp. 38–49.
5. th USENIX Annual Technical Conference (FREENIX track) (2005), pp. 41–46.
6. th International Workshop on Mobile Computing Systems and Applications (Hot-Mobile) (2010), pp. 49–54.
7. th ACM Symposium on Information, Computer and Communications Security (ASIACCS) (2011), pp. 30–40.
8. nd ed. O’Reilly Media, Sebastopol, CA, USA, 2005, ch. System Startup, pp. 835–841.
9. BULBA AND KILER. Bypassing StackGuard and StackShield. Phrack 5, 56 (May 2000).
10. th ACM Conference on Computer and Communications Security (CCS) (2009), pp. 555–565.
11. th Symposium on Operating Systems Design and Implementation (OSDI) (2006), pp. 147–160.
12. nd ACM Symposium on Operating Systems Principles (SOSP) (2009), pp. 45–58.
13. th USENIX Security Symposium (USENIX Sec) (2003), pp. 91–104.
14. th USENIX Security Symposium (USENIX Sec) (1998), pp. 63–78.
15. COX, M. J. Red Hat’s Top 11 Most Serious Flaw Types for 2009. http://www.awe.com/mark/blog/20100216. html, February 2010.
16. CVE. CVE-2009-1897. http://cve.mitre.org/cgibin/cvename.cgi?name=CVE-2009-1897, June 2009.
17. C V E. CVE-2009-2692. http://cve.mitre.org/cgibin/cvename.cgi?name=CVE-2009-2692, August 2009.
18. C V E. CVE-2009-2908. http://cve.mitre.org/cgibin/cvename.cgi?name=CVE-2009-2908, August 2009.
19. CVE. CVE-2009-3527. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3527, October 2009.
20. CVE. CVE-2009-3547. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547, October 2009.
21. C V E. CVE-2010-2959. http://cve.mitre.org/cgibin/cvename.cgi?name=CVE-2010-2959, August 2010.
22. CVE. CVE-2010-3904. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3904, October 2010.
23. C V E. CVE-2010-4258. http://cve.mitre.org/cgibin/cvename.cgi?name=CVE-2010-4258, November 2010.
24. DAN ROSENBERG. kptr_restrict for hiding kernel pointers. http://lwn.net/Articles/420403/, December 2010.
25. DE C VALLE, R. Linux sock_sendpage() NULL Pointer Dereference (PPC/PPC64 exploit). http://packetstormsecurity.org/files/81212/Linux-sock_sendpage-NULL-Pointer-Dereference. html, September 2009.
26. DE RAADT, T. CVS-200910282103. http://marc.info/?l=openbsd-cvs&m=125676466108709&w=2, October 2009.
27. DESIGNER, S. Getting around non-executable stack (and fix). http://seclists.org/bugtraq/1997/Aug/63, August 1997.
28. DOSEMU. DOS Emulation. http://www.dosemu.org, June 2012.
29. DOWD, M. Application-Specific Attacks: Leveraging The ActionScript Virtual Machine. Tech. rep., IBM Corporation, April 2008.
30. EDB. EDB-9477. http://www.exploit-db.com/exploits/9477/, August 2009.
31. EDB. EDB-17391. http://www.exploit-db.com/exploits/17391/, June 2011.
32. EDB. EDB-18080. http://www.exploit-db.com/exploits/18080/, November 2011.
33. th Symposium on Operating Systems Design and Implementation (OSDI) (2006), pp. 75–88.
34. ETOH, H. GCC extension for protecting applications from stack-smashing attacks. http://www.trl.ibm.com/projects/security/ssp/, August 2005.
35. FREEBSD. sysutils/vbetool doesn’t work with FreeBSD 8.0-RELEASE and STABLE. http://forums.freebsd.org/showthread.php?t=12889, April 2010.
36. GARFINKEL, T., AND ROSENBLUM, M. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the Annual Network & Distributed System Security Symposium (NDSS) (February 2003).
37. GEORGE, V., PIAZZA, T., AND JIANG, H. Technology Insight: Intelc Next Generation Microarchitecture Codename Ivy Bridge. www.intel.com/idf/library/pdf/sf_2011/SF11_SPCS005_101F.pdf, September 2011.
38. GRIZZARD, J. B. Towards Self-Healing Systems: Reestablishing Trust in Compromised Systems. PhD thesis, Georgia Institute of Technology, 2006.
39. HARDY, N. The Confused Deputy (or why capabilities might have been invented). SIGOPS Operating Systems Review 22, 4 (October 1988), 36–38.
40. th USENIX Security Symposium (USENIX Sec) (2009), pp. 383–398.
41. INGO MOLNAR. 4G/4G split on x86, 64 GB RAM (and more) support. http://lwn.net/Articles/39283/, July 2003.
42. th ACM Conference on Computer and Communications Security (CCS) (2003), pp. 272–280.
43. th USENIX Security Symposium (USENIX Sec) (2002), pp. 191–206.
44. th Black Hat USA (2009).
45. th European Conference on Computer Systems (EuroSys) (2010), pp. 195–208.
46. th Annual Computer Security Applications Conference (ACSAC) (2010), pp. 271–280.
47. rd USENIX Annual Technical Conference (FREENIX track) (2001), pp. 29–42.
48. nd ed. Novel Press, Indianapolis, IN, USA, 2005.
49. MCKUSICK, M. K., BOSTIC, K., KARELS, M. J., AND QUARTERMAN, J. S. The Design and Implementation of the 4.4BSD Operating System. Addison Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1996, ch. Kernel Services, pp. 49–73.
50. st USENIX Annual Technical Conference (USENIX ATC) (1996), pp. 279–294.
51. th Annual Computer Security Applications Conference (ACSAC) (2010), pp. 49–58.
52. PAX. Homepage of The PaX Team. http://pax.grsecurity.net, June 2012.
53. PAX TEAM. UDEREF. http://grsecurity.net/~spender/uderef.txt, April 2007.
54. th IEEE Symposium on Security and Privacy (S&P) (2008), pp. 233–247.
55. th ACM Conference on Computer and Communications Security (CCS) (October 2007), pp. 103–115.
56. th International Symposium on Recent Advances in Intrusion Detection (RAID) (2008), pp. 1–20.
57. th Annual Computer Security Applications Conference (ACSAC) (December 2002), pp. 209–218.
58. SECURITYFOCUS. Xbox 360 Hypervisor Privilege Escalation Vulnerability. http://www.securityfocus.com/archive/1/461489, February 2007.
59. SECURITYFOCUS. BID 36587. http://www.securityfocus.com/bid/36587, October 2009.
60. SECURITYFOCUS. BID 36939. http://www.securityfocus.com/bid/36939, November 2009.
61. SECURITYFOCUS. BID 43060. http://www.securityfocus.com/bid/43060, September 2010.
62. st ACM Symposium on Operating Systems Principles (SOSP) (2007), pp. 335–350.
63. th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS) (2009), pp. 37–48.
64. SPENGLER, B. On exploiting null ptr derefs, disabling SELinux, and silently fixed linux vulns. http://seclists.org/dailydave/2007/q1/224, March 2007.
65. th European Conference on Computer Systems (EuroSys) (2010), pp. 209–222.
66. TINNES, J. Bypassing Linux NULL pointer dereference exploit prevention (mmap_min_addr). http://blog.cr0.org/2009/06/bypassing-linux-null-pointer.html, June 2009.
67. st IEEE Symposium on Security and Privacy (S&P) (2010), pp. 380–395.
68. th ACM Conference on Computer and Communications Security (CCS) (2009), pp. 545–554.
69. WILANDER, J., AND KAMKAR, M. A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention. In Proceedings of the Annual Network & Distributed System Security Symposium (NDSS) (2003).
70. WINEHQ. Run Windows applications on Linux, BSD, Solaris and Mac OS X. http://www.winehq.org, June 2012.
71. th Black Hat USA (2008).
72. th ACM Conference on Computer and Communications Security (CCS) (2011), pp. 29–40.