Computer Technology and Development, 2017, Vol. 27, Issue (11): 123-127, 5. DOI: 10.3969/j.issn.1673-629X.2017.11.027
Security Analysis on Asynchronous Triggering Model of Linux Kernel Vulnerability
Abstract
In recent years, more and more defense mechanisms such as NX, ASLR and Canary have made it difficult to exploit user-space vulnerabilities on Linux systems. In contrast, Linux kernel vulnerabilities have been attracting attention. Kernel memory corruption is a typical kernel attack technique: attackers can control kernel memory by calling special functions, and even escalate privileges. SMEP is an effective security mechanism for suppressing kernel memory corruption attacks, and it makes the traditional ret2usr attack useless. Ret2dir and clearing the SMEP flag are two techniques for bypassing SMEP; however, both have their limitations. A new model is found to bypass SMEP, which can exploit a kernel vulnerability asynchronously using the principle of indirect addressing, and it is more effective against memory corruption vulnerabilities in the kernel. To verify its effectiveness, the netfilter vulnerability of Ubuntu 16 on VMware is tested, and the crash snapshot and debug kernel are then analyzed with kernel crash and VMware remote debug tools. The experimental results show that it is a serious exploit model.
Keywords
Linux kernel vulnerability / SMEP / indirect addressing / asynchronous triggering model
Classification
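Information Technology and Security Science
Cite this article
Liu Song, Qin Xiaojun. Security Analysis on Asynchronous Triggering Model of Linux Kernel Vulnerability [J]. Computer Technology and Development, 2017, 27(11): 123-127, 5.
Funding
National Natural Science Foundation of China (91430214)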