[1]刘松,秦晓军. Linux内核漏洞异步触发模型的安全分析[J].计算机技术与发展,2017,27(11):123-127.
 LIU Song,QIN Xiao-jun. Security Analysis on Asynchronous Triggering Model of Linux Kernel Vulnerability[J].,2017,27(11):123-127.
点击复制

 Linux内核漏洞异步触发模型的安全分析()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
27
期数:
2017年11期
页码:
123-127
栏目:
安全与防范
出版日期:
2017-11-10

文章信息/Info

Title:
 Security Analysis on Asynchronous Triggering Model of Linux Kernel Vulnerability
文章编号:
1673-629X(2017)11-0123-05
作者:
 刘松秦晓军
 江南计算技术研究所
Author(s):
 LIU SongQIN Xiao-jun
关键词:
 Linux内核漏洞SMEP间接寻址异步触发模型
Keywords:
 Linux kernel vulnerabilitySMEPindirect addressingasynchronous triggering model
分类号:
TN915.08
文献标志码:
A
摘要:
 近年来,由于Linux系统中越来越多防御机制(例如NX,ASLR,Canary)的出现,用户态漏洞的利用已经十分困难,而Linux内核漏洞逐渐受到关注.内核内存破坏是一种典型的内核攻击技术,攻击者通过特定的函数调用控制内核内存,进而达到权限提升的目的.SMEP是一种有效抑制内核内存破坏攻击的安全机制,使传统的ret2usr内核攻击方法失效.现有两种绕过SMEP机制的技术途径,分别为ret2dir技术和清除SMEP标志技术,均具有各自的局限性.文中发现了一种绕过SMEP安全机制的异步触发内核漏洞新模型,该模型利用函数的间接寻址原理异步触发漏洞,对于内存破坏的内核漏洞更具有普遍适用性.应用VMware虚拟机测试Ubuntu 16上的netfilter漏洞,并利用内核崩溃分析工具和VMware远程调试工具分析崩溃现场和调试内核,以验证异步触发模型的有效性.实验结果表明,所发现的新模型是一种危害严重的漏洞利用模型.
Abstract:
 In recent years,more and more defense mechanisms like NX,ASLR,Canary make it difficult to exploit user vulnerabilities in Linux system. On the contrary,Linux kernel vulnerabilities have been getting attention. Kernel memory corruption is a typical kernel at-tack technique. Attackers can control kernel memory by calling special functions,even privilege escalation. SMEP security is an effective mechanism to suppress kernel memory corruption attacks,making the traditional ret2usr attack useless. Ret2dir and clear SMEP flag are two kinds of technologies to bypass SMEP,however,they both have their limitation. A new model is found to bypass SMEP,which can exploit the kernel vulnerability asynchronously with the principle of indirect addressing,and it is more effective to the kernel vulnerabili-ties of memory corruption. To verify its effectiveness,the netfilter vulnerability of Ubuntu 16 on VMware is tested,then the crash snapshot and debug kernel are analyze with kernel crash and VMware remote debug tools. The experimental results show that it is a serious exploit model.

相似文献/References:

[1]张志宏,吴庆波,邵立松,等.基于飞腾平台TOE协议栈的设计与实现[J].计算机技术与发展,2014,24(07):1.
 ZHANG Zhi-hong,WU Qing-bo,SHAO Li-song,et al. Design and Implementation of TCP/IP Offload Engine Protocol Stack Based on FT Platform[J].,2014,24(11):1.
[2]梁文快,李毅. 改进的基因表达算法对航班优化排序问题研究[J].计算机技术与发展,2014,24(07):5.
 LIANG Wen-kuai,LI Yi. Research on Optimization of Flight Scheduling Problem Based on Improved Gene Expression Algorithm[J].,2014,24(11):5.
[3]黄静,王枫,谢志新,等. EAST文档管理系统的设计与实现[J].计算机技术与发展,2014,24(07):13.
 HUANG Jing,WANG Feng,XIE Zhi-xin,et al. Design and Implementation of EAST Document Management System[J].,2014,24(11):13.
[4]侯善江[],张代远[][][]. 基于样条权函数神经网络P2P流量识别方法[J].计算机技术与发展,2014,24(07):21.
 HOU Shan-jiang[],ZHANG Dai-yuan[][][]. P2P Traffic Identification Based on Spline Weight Function Neural Network[J].,2014,24(11):21.
[5]李璨,耿国华,李康,等. 一种基于三维模型的文物碎片线图生成方法[J].计算机技术与发展,2014,24(07):25.
 LI Can,GENG Guo-hua,LI Kang,et al. A Method of Obtaining Cultural Debris’ s Line Chart Based on Three-dimensional Model[J].,2014,24(11):25.
[6]翁鹤,皮德常. 混沌RBF神经网络异常检测算法[J].计算机技术与发展,2014,24(07):29.
 WENG He,PI De-chang. Chaotic RBF Neural Network Anomaly Detection Algorithm[J].,2014,24(11):29.
[7]刘茜[],荆晓远[],李文倩[],等. 基于流形学习的正交稀疏保留投影[J].计算机技术与发展,2014,24(07):34.
 LIU Qian[],JING Xiao-yuan[,LI Wen-qian[],et al. Orthogonal Sparsity Preserving Projections Based on Manifold Learning[J].,2014,24(11):34.
[8]尚福华,李想,巩淼. 基于模糊框架-产生式知识表示及推理研究[J].计算机技术与发展,2014,24(07):38.
 SHANG Fu-hua,LI Xiang,GONG Miao. Research on Knowledge Representation and Inference Based on Fuzzy Framework-production[J].,2014,24(11):38.
[9]叶偲,李良福,肖樟树. 一种去除运动目标重影的图像镶嵌方法研究[J].计算机技术与发展,2014,24(07):43.
 YE Si,LI Liang-fu,XIAO Zhang-shu. Research of an Image Mosaic Method for Removing Ghost of Moving Targets[J].,2014,24(11):43.
[10]余松平[][],蔡志平[],吴建进[],等. GSM-R信令监测选择录音系统设计与实现[J].计算机技术与发展,2014,24(07):47.
 YU Song-ping[][],CAI Zhi-ping[] WU Jian-jin[],GU Feng-zhi[]. Design and Implementation of an Optional Voice Recording System Based on GSM-R Signaling Monitoring[J].,2014,24(11):47.

更新日期/Last Update: 2017-12-26