nach oben

Erschienen in:

2014 | OriginalPaper | Buchkapitel

13. ‘Weird Machine’ Patterns

verfasst von : Sergey Bratus, Julian Bangert, Alexandar Gabrovsky, Anna Shubina, Michael E. Locasto, Daniel Bilar

Erschienen in: Cyberpatterns

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

You do not understand how your program really works until it has been exploited. We believe that computer scientists and software engineers should regard the activity of modern exploitation as an applied discipline that studies both the actual computational properties and the practical computational limits of a target platform or system. Exploit developers study the computational properties of software that are not studied elsewhere, and they apply unique engineering techniques to the challenging engineering problem of dynamically patching and controlling a running system. These techniques leverage software and hardware composition mechanisms in unexpected ways to achieve such control. Although unexpected, such composition is not arbitrary, and it forms the basis of a coherent engineering workflow. This chapter contains a top-level overview of these approaches and their historical development.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel A Method for Resolving Security Vulnerabilities Through the Use of Design Patterns

Nächstes Kapitel Towards a Simulation of Information Security Behaviour in Organisations

It also serves as an excellent teaching aid in advanced OS courses; see, e.g., [4].

This fact was not well understood by most engineers or academics, who regarded below-compiler OS levels as unpredictable; Stephanie Forrest deserves credit for putting this and other misconceptions into broader scientific perspective.

Which it pre-dates, together with other hacker descriptions of the technique, by five to seven years.

http://pax.grsecurity.net/

http://www.openwall.com/Owl/

http://www.joestewart.org/ollybone/

Bratus S, Locasto ME, Patterson ML, Sassaman L, Shubina A. Exploit programming: from buffer overflows to “weird machines” and theory of computation. login: Dec 2011.

Shacham H. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the \(\times 86\)). In: Proceedings of the 14th ACM conference on computer and communications security, CCS ’07. New York: ACM; p. 552–561.

Roemer R, Buchanan E, Shacham H, Savage S. Return-oriented programming: systems, languages, and applications. ACM Trans Inf Syst Secur. 2012;15(1):2:1–2:34.

Dan R. Anatomy of a remote kernel exploit. http://www.cs.dartmouth.edu/- sergey/cs108/2012/Dan-Rosenberg-lecture.pdf (2011).

Holler C, Herzig K, Zeller A. Fuzzing with code fragments. In: Proceedings of the 21st USENIX conference on security symposium, Security’12. Berkeley: USENIX Association; 2012. p. 38–38.

Caballero Juan, Song Dawn. Automatic protocol reverse-engineering: message format extraction and field semantics inference. Comput Netw. 2013;57(2):451–74.CrossRef

Samuel M, Erlingsson Ú. Let’s parse to prevent pwnage invited position paper. In: Proceedings of the 5th USENIX conference on Large-scale exploits and emergent threats, LEET’12, Berkeley, USA: USENIX Association; 2012. p. 3–3.

Jana s, Shmatikov V. Abusing file processing in malware detectors for fun and profit. In: IEEE symposium on security and privacy’12; 2012. p. 80–94.

Xi W, Haogang C, Alvin C, Zhihao J, Nickolai Z, Kaashoek MF. Undefined behavior: what happened to my code? In: Proceedings of the Asia-Pacific workshop on systems, APSYS’12. New York, USA: ACM; 2012. p. 9:1–9:7.

10.

Dullien T. Exploitation and state machines: programming the “weird machine”, revisited. In: Infiltrate conference, Apr 2011.

11.

Sassaman L, Patterson ML, Bratus S, Locasto ME, Shubina A. Security applications of formal language theory. Dartmouth College: Technical report; 2011.

12.

Shapiro R, Bratus S, Smith SW. “Weird machines” in ELF: a Spotlight on the underappreciated metadata. In: 7th USENIX workshop of offensive technologies. https://www.usenix.org/system/files/conference/woot13/woot13-shapiro.pdf. 2013

13.

Cesare. S. Shared library call redirection via ELF PLT, Infection. Dec 2000.

14.

Sd, Devik. Linux On-the-fly Kernel patching without LKM, Dec 2001.

15.

Mayhem. Understanding Linux ELF RTLD internals. http://s.eresi-project.org/inc/articles/elf-rtld.txt (2002).

16.

Nergal. The advanced return-into-lib(c) Exploits: PaX Case Study. Phrack Mag. 2001;58(4).

17.

Oakley J, Sergey B. Exploiting the hard-working dwarf: Trojan and exploit techniques with no native executable code. In WOOT. 2011. p. 91–102.

18.

Skape. Locreate: an anagram for relocate. Uninformed. 2007;6.

19.

Sotirov A. Heap feng shui in javascript. In: Blackhat; 2007.

20.

Redpantz. The art of exploitation: MS IIS 7.5 remote heap overflow. Phrack Mag. 68(12), Apr 2012.

21.

Huku, Argp. The art of exploitation: exploiting VLC, a jemalloc case study. Phrack Maga. 2012;68(13).

22.

Ferguson J. Advances in win32 aslr evasion, May 2011.

23.

Bilar D. On callgraphs and generative mechanisms. J Comput Virol. 2007;3(4).

24.

Richarte D. About exploits writing. Core security technologies presentation 2002.

25.

Gera, Riq. Advances in format string exploitation. Phrack Mag. 2002;59(7).

26.

One A. Smashing the stack for fun and profit. Phrack 1996;49:14. http://phrack.org/issues.html?issue=49&id=14.

27.

Palmers. Sub proc\_root auando sumus (Advances in Kernel hacking). Phrack 2001;58:6. http://phrack.org/issues.html?issue=58&id=6.

28.

Palmers. 5 Short stories about execve (advances in Kernel hacking II). Phrack 2002;59:5. http://phrack.org/issues.html?issue=59&id=5.

29.

Rutkowski JK. Execution path analysis: finding Kernel based rootkits. Phrack 2002;59:10. http://phrack.org/issues.html?issue=59&id=10.

30.

Cesare S. Runtime Kernel kmem patching. 1998. http://althing.cs.dartmouth.edu/local/vsc07.html.

31.

Mayhem. IA32 advanced function hooking. Phrack 2001;58:8. http://phrack.org/issues.html?issue=58&id=8.

32.

Klog. Backdooring binary objects. Phrack 2000;56:9. http://phrack.org/issues.html?issue=56&id=9.

33.

The Grugq. Cheating the ELF: subversive dynamic linking to libraries, 2000.

34.

Mayhem. Understanding Linux ELF RTLD Internals, 2002. http://s.eresi-project.org/inc/articles/elf-rtld.txt.

35.

Grugq, Scut. Armouring the ELF: binary encryption on the UNIX platform. Phrack ; 2001;58:5. http://phrack.org/issues.html?issue=58&id=5.

36.

Rutkowska J. Passive covert channels implementation in Linux Kernel. 21st chaos communications congress, 2004. http://events.ccc.de/congress/2004/fahrplan/files/319-passive-covert-channels-slides.pdf.

37.

(Anonymous author). Runtime process infection. Phrack 20025;9:8. http://phrack.org/issues.html?issue=59&id=8.

38.

Kad. Handling interrupt descriptor table for fun and profit. Phrack 2002;59:4. http://phrack.org/issues.html?issue=59&id=4.

39.

Buffer. Hijacking Linux page fault handler exception table. Phrack 2003;61:7. http://phrack.org/issues.html?issue=61&id=7.

40.

Desclaux F, Kortchinsky K. Skype V. REcon. http://www.recon.cx/en/f/vskype-part1.pdf (2006).

41.

Sparks S, Butler J. “Shadow Walker”: Raising the bar for rootkit detection. BlackHat; 2005. http://www.blackhat.com/presentations/bh-jp-05/bh-jp-05-sparks-butler.pdf.

42.

Bangert J, Bratus S, Rebecca S, Sean WS. The page-fault weird machine: lessons in instruction-less computation. In: 7th USENIX workshop of offensive technologies. Aug 2013. https://www.usenix.org/system/files/conference/woot13/woot13-bangert.pdf.

Titel: ‘Weird Machine’ Patterns
verfasst von: Sergey Bratus
Julian Bangert
Alexandar Gabrovsky
Anna Shubina
Michael E. Locasto
Daniel Bilar
Verlag: Springer International Publishing
Buch: Cyberpatterns
Print ISBN: 978-3-319-04446-0

Electronic ISBN: 978-3-319-04447-7

Copyright-Jahr: 2014
DOI: https://doi.org/10.1007/978-3-319-04447-7_13

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner