In about three weeks I will be presenting “Protecting the Core: Kernel Exploitation Mitigations” at Black Hat Europe 2011 in Barcelona, Spain. This is joint work with Dimitris Glynos at Census, Inc. Our abstract follows:
The exploitation of operating system kernel vulnerabilities has received a great deal of attention lately. In userland most generic exploitation approaches have been defeated by countermeasure technologies. Contrary to userland protections, exploitation mitigation mechanisms for kernel memory corruptions have not been widely adopted. Recently this has started to change. Most operating system kernels have started to include countermeasures against NULL page mappings, stack and heap corruptions, as well as for other vulnerability classes. At the same time, researchers have concentrated on developing ways to bypass certain kernel protections on various operating systems. This presentation will describe in detail the state-of-the-art in kernel exploitation mitigations adopted (or not) by various operating systems (Windows, Linux, Mac OS X, FreeBSD) and mobile platforms (iOS, Android). Moreover, it will also provide approaches, notes, hints and references to existing work for bypassing some of these kernel protections.
This talk basically collects our joint experiences in dealing with and researching kernel exploitation mitigations during kernel exploit development on various operating systems. Unfortunately Dimitris will not be able to travel to Barcelona, so I will present the talk alone. You can follow me on Twitter to get updates relevant to our talk and our research in general. I am really looking forward to traveling to Barcelona (again) and meeting all the great people participating in Black Hat.
The title of our talk (Protecting the Core: Kernel Exploitation Mitigations) is, of course, a wordplay on the Phrack article “Attacking the Core: Kernel Exploiting Notes” by twiz and sgrakkyu. Their article focused on kernel attacks, while our talk focuses on the kernel defenses employed by popular operating systems. twiz and sgrakkyu have also written a highly recommended book on the attack side of things which greatly expands their Phrack article, namely A Guide to Kernel Exploitation: Attacking the Core.