Friday, October 30 • 15:00 - 15:45
Bypassing Many Kernel Protections Using Elastic Objects - Yueqi Chen & Zhenpeng Lin, Ph.D. Students

We will analyze an anecdotal exploit that demonstrates the capability of bypassing KASLR using an elastic object in the Linux kernel implementation. We justify that this exploit could be abstracted and extended into a general exploitation practice. First, the Linux kernel contains a large number of such elastic objects, with which nearly any kernel vulnerability (with an overwriting capability) could enable the adversary to easily bypass the heap cookie protector, KASLR, and the stack canary, and even realize an arbitrary read attack. Second, we show that Linux is not the only kernel using these objects in its implementation. Other OS kernels, e.g., XNU, also adopt the same practice. Third, we conclude that elastic kernel objects are perilous as they provide a new, general approach to breaking existing protection mechanisms, and thus new defenses should be designed as a part of kernel hardening.

Yueqi Chen

PhD student, Penn State University
Yueqi Chen received his B.Sc degree from Nanjing University in 2017 and is currently a PhD Student with Dr. Xinyu Xing at Pennsylvania State University. He was awarded the IBM PhD Fellowship 2020. His research focuses on OS security and vulnerability analysis. He is particularly interested...

Zhenpeng Lin

PhD student, Penn State University
Zhenpeng Lin is a PhD student advised by Dr. Xinyu Xing at Pennsylvania State University. His research focuses on vulnerability discovery and exploitation. His work was published at CCS 2020. In addition, he plays CTF a lot. As a core member of Nu1L, he won 1st place in BCTF 2017...

Friday October 30, 2020 15:00 - 15:45 GMT
LSS Theater
  Linux Security Summit (LSS)