Master's/Doctoral Thesis 101522008 Detailed Information




Name 黃建瑋 (Chi-Wei Huang)   Department Computer Science and Information Engineering
Thesis Title
(Libra: A Compatible Method for Defending Against Arbitrary Memory Overwrite)
Related Theses
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm
★ Discoverer: A Real-Time Rootkit Detection System
★ A Detection and Defense Mechanism for Fraudulent SMS Messages on Android Phones
★ The SRA System: Defending Against Router Hijacking via ARP Spoofing
★ An Automated Real-Time Counterattack System Against Remote Buffer Overflow Attacks
★ Real-Time Serum System: An Automated Worm-Curing System with an Offensive Barrier
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI: My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
★ PrivacyGuard: A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing
Files Browse the thesis in the system (open after 2019-6-30)
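Abstract (Chinese) The number of vulnerabilities in the Linux Kernel peaked in 2013, exceeding the vulnerability counts seen since 1991. This thesis focuses on defenses against arbitrary memory writes within the Privilege Escalation class of attacks.

To prevent a malicious user from obtaining root privileges, the simplest approach is of course to set the sensitive data structures in the kernel to read-only. However, we cannot be sure whether the kernel will need to modify these sensitive data structures in the future, so we take a compromise between read-only and writable.

The method discussed in this thesis not only applies to the problem above, but also generalizes to any case where an important memory value in the system must be changed only within a certain safe range and cannot simply be set to read-only.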
Abstract (English) There have been more vulnerabilities in the Linux Kernel in 2013 than there had been in the previous decade. In this paper, the research focuses on defending against arbitrary memory overwrites in Privilege Escalation.

To prevent malicious users from gaining root privileges, the easiest way is to set the sensitive data structures to read-only. But we cannot be sure that the sensitive data structures will never be modified by legitimate behavior from a normal device driver; thus, we propose a compatible solution that lies between read-only solutions and writable solutions to enhance compatibility.

The main idea that we propose solves not only the above problem but also the general problem of ensuring that important memory values can only be changed within a safe range, rather than simply being set to read-only.
Keywords (Chinese) ★ Linux Kernel Vulnerabilities
★ Exploit
★ Privilege Escalation
Keywords (English) ★ Linux Kernel Vulnerabilities
★ Exploit
★ Privilege Escalation
Table of Contents
Abstract
Acknowledgements
Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Statistics of Vulnerabilities and Exploits
1.2 Attack Principle
Chapter 2 Mechanisms of Attack and Analysis
2.1 At the Second Step
2.2 Kernel Data Structures to Overwrite
Chapter 3 Related Work
3.1 Attacks Research
3.2 Defense Research
Chapter 4 Proposed Solution: Libra
4.1 Protection through Paging in x86 architecture
4.2 Background of the Page Fault Handler in Linux
4.3 A Case Study in CVE-2013-2094 with Read-only patch
4.4 Check the Compatibility
4.5 System Design
Chapter 5 Implementation
Chapter 6 Evaluation
6.1 Compatible Comparison
6.2 Performance
Chapter 7 Conclusion and Future Work
7.1 Conclusion
7.2 Future Work
REFERENCE
APPENDIX A : Linux Memory Layout
APPENDIX B : A Case Study : CVE-2013-2094
B.1 In perf_swevent_init
B.2 In sw_perf_event_destroy
B.3 Attacks Layout
APPENDIX C : A Case Study : CVE-2013-2094 on x86
C.1 Modify the ptmx_fops
C.2 Attacks layout
Advisor 許富皓 (Fu-Hau Hsu)   Approval Date 2014-7-31

For questions about this thesis, please contact the Outreach Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.