Securing the Kernel Via Static Binary Rewriting and Program Shepherding

Recent Microsoft security bulletins show that kernel vulnerabilities are becoming an increasingly important security threat. Despite extensive security mitigations, many kernel vulnerabilities are still exploitable. Successful kernel exploitation typically grants the attacker the maximum privilege level and results in total machine compromise. To protect against kernel exploitation, the authors have developed a tool that statically rewrites the Microsoft Windows kernel as well as other kernel-level modules. The rewritten binary files make it possible to monitor control flow transfers during operating system execution. At that point, the authors are able to detect whether a selected control flow transfer is valid or should be considered an attack attempt.

Provided by: Cornell University Topic: Security Date Added: May 2011 Format: PDF
