论文信息 - Security Identifier Randomization: A Method to Prevent Kernel Privilege-Escalation Attacks

Security Identifier Randomization: A Method to Prevent Kernel Privilege-Escalation Attacks

Privilege escalation attack is one of the serious threats to Linux. So the protection of the root user is an important requirement for Linux systems and SELinux has tackled this issue in some degree. But by exploiting kernel privilege-escalation vulnerabilities, the attackers can tamper security identifiers allocated for the process's security contexts, which are the foundation of SELinux enforcing access control. So we propose security identifier randomization method, which can increase the difficulty of kernel privilege-escalation attacks. This method is application transparent and its influence on overall system performance is within 1%.

[1] Crispan Cowan,et al. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[2] Sven Vermeulen. SELinux System Administration , 2013 .

[3] Ismael Ripoll,et al. On the Effectiveness of NX, SSP, RenewSSP, and ASLR against Stack Buffer Overflows , 2014, 2014 IEEE 13th International Symposium on Network Computing and Applications.

[4] Rüdiger Kapitza,et al. Quantifiable Run-Time Kernel Attack Surface Reduction , 2014, DIMVA.

[5] Yunyong Teng-Amnuay,et al. Misuse for Security Hardening Assessment in Application Software Deployment , 2012 .

[6] Wenliang Du,et al. Compac: enforce component-level access control in android , 2014, CODASPY '14.

[7] Ahmad-Reza Sadeghi,et al. Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization , 2013, 2013 IEEE Symposium on Security and Privacy.

[8] Ricardo J. Rodríguez,et al. Detection of Intrusions and Malware, and Vulnerability Assessment , 2016, Lecture Notes in Computer Science.

[9] Adrian Perrig,et al. SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes , 2007, SOSP.

[10] Trent Jaeger,et al. Integrity walls: finding attack surfaces from mandatory access control policies , 2012, ASIACCS '12.

[11] Somesh Jha,et al. Automatic placement of authorization hooks in the linux security modules framework , 2005, CCS '05.