博碩士論文 105522056 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:28 、訪客IP:3.80.218.53
姓名 王建舜(Jian-Shun Wang)  查詢紙本館藏   畢業系所 資訊工程學系
論文名稱
(DFGUARD: A Method for Solving Double-Fetch Vulnerabilities in the Linux Kernel)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment★ PrivacyGuard:A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 (2023-6-30以後開放)
摘要(中) 在學習多執行緒程式設計 (Multi-Thread Programming) 的時候常常需要注意各執行緒 (thread) 之間是否有互相搶奪資源的狀況產生,也就是發生競爭條件 (Race Condition) 的情況,而 Double-Fetch 則是競爭條件的一個特殊案例。
Double-Fetch,顧名思義就是指兩次獲取資料。獲取這兩次資料的目的有些不同,第一次獲取資料可能是為了檢查資料的合法性,第二次則是正式使用這份資料,這是一種常見的開發思維。
在 Linux 中,不少負責輸出入控制 (I/O) 的系統呼叫 (System Call) 實作中採用了這種思路,系統核心常常會需要讀取使用者端的「特定資料」數次,因而產生一個大問題。由於近代的系統核心都是採用多執行緒 (Multi-Thread) 設計,在這數次的讀取之間,這些「特定資料」若是被某個可疑的執行緒修改,其結果將造成了前後資料的不一致,最終使得系統呼叫的結果出錯。另外,這些「特定資料」是存在於用戶端而非系統端,代表了有心人士可以透過修改這些資料達成控制程式流程,因而造成系統敏感資料外洩、觸發緩衝區溢位攻擊甚至取得系統控制權。
本篇論文提出了 DFGUARD 這套系統,利用 Linux 系統核心 (Kernel) 用於記憶體定址 (Memory Addressing) 的數種元件直接對記憶體進行權限操作,因而阻斷了這些可疑的寫入行為,達到阻止 Double-Fetch 的發生可能性。
摘要(英) When learning Multi-Thread Programming, it is necessary for developers to notice whether there are competing resources between each other, aka a race condition.

Double-Fetch is a special condition of race condition. As its name suggests, Double-Fetch means fetching a resource for two times. The purpose of first fetch usually checks for the legality of the resource, and then the second fetch is the usage. This is a common idea for software development.

In Linux, many of the system call implementations responsible for I/O control use this idea. The system call makes the OS kernel frequently reading the “SPECIFIC DATA” at user space for several times, which causes a big problem. Due to the multithreading design, the value of “SPECIFIC DATA” might be modified by a malicious thread between the several readings. This makes the system call to get the inconsistent value between two reads, and causes an unexpected result. In addition, these “SPECIFIC DATA” exist on user space, which means an attacker can control the process flow by changing these values. Thus, the attacker may get the sensitive data from system, launch a buffer overflow attack or even inject the shell code to get the control of whole system.

This paper presents DFGUARD, a system that uses the components for memory addressing in the Linux Kernel to perform operations of read/write permission. With this technique, DFGUARD can directly block these suspicious writing behaviors, thereby preventing the possibility of Double-Fetch vulnerability.
關鍵字(中) ★ Double-Fetch
★ Linux 系統核心
★ 記憶體定址
★ 權限
關鍵字(英) ★ Double-Fetch
★ Linux Kernel
★ Memory Management
★ Permission
論文目次 中文摘要 i
Abstract iii
誌謝 v
Contents vi
List of Figures ix
List of Tables x
Chapter 1. Introduction 1
Chapter 2. Background 4
2.1 Kernel / User Space 4
2.2 Process in Linux 5
2.2.1 Process Descriptor: task_struct 5
2.2.2 The macro “current” 5
2.3 Memory in Linux 6
2.3.1 Physical Memory & Virtual Memory 6
2.3.2 Linux 4-Level Paging 6
2.3.3 Memory Descriptor: mm_struct 8
2.4 Relationship Chart 11
2.5 System Call 11
2.6 Double Fetch 12
Chapter 3. Related Works 14
3.1 Static Detection 14
3.1.1 Pattern for Double-Fetch in Coccinelle 14
3.1.2 DEADLINE by Symbolic Execution 15
3.2 Dynamic Detection 16
3.2.1 Flush+Reload Attack to detect Double-Fetch 16
3.3 Attack 16
3.3.1 Exploit Principle for Double-Fetch Bugs 16
3.3.2 DECAF 17
3.4 Defense 17
3.4.1 Generic Mitigation of Double-Fetch Bugs 17
3.4.2 DropIt, rely on modern CPU feature 18
Chapter 4. System Design 19
4.1 Purpose and Premise 19
4.2 Design Principle 20
4.3 System Architecture 21
4.3.1 Components in DFGUARD 21
4.3.2 DFGUARD 22
4.3.3 DFGUARD Work Flow 22
Chapter 5. Evaluation 24
5.1 Environment 24
5.2 CVE-2016-6516 24
5.2.1 CVE-2016-6516 Exploit without DFGUARD 26
5.2.2 CVE-2016-6516 Exploit with DFGUARD 27
Chapter 6. Discussion 29
6.1 Future Work 1: Remove Kernel Panic 29
6.2 Future Work 2: Process Resuming 30
6.3 Comparison 31
Chapter 7. Conclusion 32
References 34
參考文獻 Shan Lu, Soyeon Park, Eunsoo Seo and Yuanyuan Zhou, “Learning from Mistakes — A Comprehensive Study on Real World Concurrency Bug Characteristics,” 13th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2008.
Fermin. J. Serna, swiat, “MS08-061 : The case of the kernel mode double-fetch,” 10/14/2008, https://blogs.technet.microsoft.com/srd/2008/10/14/ms08-061-the-case-of-the-kernel-mode-double-fetch/. [Accessed on: 07/02/2018].
Pengfei Wang, Jens Krinke, Kai Lu and Gen Li, Steve Dodier-Lazaro, “How Double-Fetch Situations Turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel,” Proceedings of the 26th USENIX Security Symposium (Security), 2017.
“Bug 166248 – CAN-2005-2490 sendmsg compat stack overflow,” 08/18/2005, https://bugzilla.redhat.com/show_bug.cgi?id=166248. [Accessed on: 07/04/2018].
Mateusz “j00ru” Jurczyk and Gynvael Coldwind, “Kernel double-fetch race condition exploitation on x86 – further thoughts,” 06/17/2013, https://j00ru.vexillium.org/2013/06/kernel-double-fetch-race-condition-exploitation-on-x86-further-thoughts/. [Accessed on 07/06/2018].
Souhail Hammou, “Exploiting Windows Drivers: Double-fetch Race Condition Vulnerability,” 07/12/2016, https://resources.infosecinstitute.com/exploiting-windows-drivers-double-fetch-race-condition-vulnerability/. [Accessed on 07/04/2018].
Meng Xu, Chenxiong Qian, Kangjie Lu, Michael Backes, Taesoo Kim, “Precise and Scalable Detection of Double-Fetch Bugs in OS Kernels,” IEEE Symposium on Security and Privacy, 2018.
Michael Schwarz, Daniel Gruss, Moritz Lipp, Clementine Maurice, Thomas Schuster, Anders Fogh, Stefan Mangard, “Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features,” ACM ASIA CONFERENCE ON COMPUTER & COMMUNICATIONS SECURITY, 2018.
Pengfei Wang, “CVE-2016-6516-exploit,” 02/26/2018, https://github.com/wpengfei/CVE-2016-6516-exploit. [Accessed on: 07/05/2018].
Kaustubh R. Joshi, “Linux Memory Management,” 04/03/2013, http://www.cs.columbia.edu/~krj/os/lectures/L17-LinuxPaging.pdf. [Accessed on: 07/05/2018].
指導教授 許富皓 審核日期 2018-7-20
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明