Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
subverting operating system properties through

Subverting Operating System Properties through Evolutionary DKOM - PowerPoint PPT Presentation

Nov 01, 2023 •474 likes •708 views

Subverting Operating System Properties through Evolutionary DKOM Attacks Mariano Graziano, Lorenzo Flore, Andrea Lanzi, Davide Balzarotti Cisco Systems, Inc. Universita degli Studi di

  1. Subverting Operating System Properties through Evolutionary DKOM Attacks Mariano ¡Graziano, ¡Lorenzo ¡Flore, ¡Andrea ¡Lanzi, ¡Davide ¡Balzarotti ¡ Cisco ¡Systems, ¡Inc. ¡ Universita’ ¡degli ¡Studi ¡di ¡Milano ¡ Eurecom ¡ DIMVA ¡2016 ¡-­‑ ¡San ¡Sebastian, ¡Spain ¡

  2. TRADITIONAL DKOM ATTACKS EPROCESS EPROCESS EPROCESS

  3. TRADITIONAL DKOM ATTACKS EPROCESS EPROCESS EPROCESS

  4. TRADITIONAL DKOM DEFENSES ‣ Kernel data integrity solutions: ‣ invariants ‣ external systems ‣ memory analysis ‣ data partitioning

  5. EVOLUTIONARY DKOM ATTACKS data structure of interest Time

  6. EVOLUTIONARY DKOM ATTACKS Violation of a temporal property

  7. EVOLUTIONARY DKOM ATTACKS Violation of a temporal property the attack cannot b e d e t e c t e d looking at a single snapshot

  8. STATE VS PROPERTY Traditional DKOM affects the state and are ‣ discrete ‣ Evolutionary DKOM (E-DKOM) affects the evolution in time of a given property and are continuous

  9. THREAT MODEL ‣ Attacker has access to ring0 ‣ Malicious code not detectable by current solutions ‣ Attacker cannot modify kernel code and attack the VMM

  10. EXAMPLE: LINUX CFS SCHEDULER

  11. SUBVERTING THE SCHEDULER target

  12. SUBVERTING THE SCHEDULER target right most

  13. SUBVERTING THE SCHEDULER Set ¡target vruntime ¡ > ¡rightmost vruntime ¡ target right most

  14. SUBVERTING THE SCHEDULER We affected the evolution of the data structure over time. We altered the scheduler property (fair execution). target target

  15. ATTACK EVALUATION ‣ Temporarily block an IDS or Antivirus ‣ Temporarily block Inotify

  16. DEFENSES? ‣ Reference monitor that mimics the OS property: ‣ OS specific ‣ Difficult to generalize

  17. DEFENSE FRAMEWORK

  18. DEFENSE FRAMEWORK

  19. DEFENSE FRAMEWORK

  20. OVERHEAD Normal ¡operations Stress ¡test

  21. CONCLUSIONS ‣ New DKOM attack based on data structures evolution ‣ Experiment on the Linux CFS scheduler ‣ Defense solution based on hypervisor ‣ General mitigation/solution very hard

  22. QUESTIONS? Mariano Graziano magrazia@cisco.com @emd3l

Recommend

Subverting OpenID: Intro to Net::OpenID::Server Abram Hindle Kitchener/Waterloo Perl Mongers

Subverting OpenID: Intro to Net::OpenID::Server Abram Hindle Kitchener/Waterloo Perl Mongers

Subverting OpenID: Intro to Net::OpenID::Server Subverting OpenID: Intro to Net::OpenID::Server Abram Hindle Kitchener/Waterloo Perl Mongers Canada http://softwareprocess.es/ abram.hindle@softwareprocess.es Abram Hindle 1 Subverting

394 views • 21 slides
Subverting System Authentication With Context-Aware, Reactive Virtual Machine Introspection

Subverting System Authentication With Context-Aware, Reactive Virtual Machine Introspection

Background Detailed Design Implementation Evaluation Related Work Summary Subverting System Authentication With Context-Aware, Reactive Virtual Machine Introspection Yangchun Fu , Zhiqiang Lin, Kevin Hamlen Department of Computer Science The

817 views • 52 slides
Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Operating System

590 views • 20 slides
Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Operating System

986 views • 39 slides
Cloaking Order in Chaos Subverting the Linux RNG via the Xen hypervisor Jeremy Erickson

Cloaking Order in Chaos Subverting the Linux RNG via the Xen hypervisor Jeremy Erickson

Cloaking Order in Chaos Subverting the Linux RNG via the Xen hypervisor Jeremy Erickson Timothy Trippel Andrew Quinn Motivation Overview Nation State Adversary (NSA) Sophisticated, huge resources, not limited by law

341 views • 18 slides
Invasion of the Cognitive Scientists: Subverting College Astronomy Stephanie Slater Director

Invasion of the Cognitive Scientists: Subverting College Astronomy Stephanie Slater Director

Invasion of the Cognitive Scientists: Subverting College Astronomy Stephanie Slater Director Center for Astronomy & Physics Education Research Center for Astronomy & Physics Education Research International, multi-institution

225 views • 18 slides
Seditious Libel Sedition: 1) advocacy or action with the goal of subverting or overthrowing the

Seditious Libel Sedition: 1) advocacy or action with the goal of subverting or overthrowing the

Seditious Libel Sedition: 1) advocacy or action with the goal of subverting or overthrowing the government, but falling short of treason; 2) publishing or broadcasting any statement that brings the government or its officials into disrepute,

353 views • 10 slides
Hiding @ Depth: Exploring & Subverting NAND Flash memory Josh m0nk Thomas (A DARPA CFT

Hiding @ Depth: Exploring & Subverting NAND Flash memory Josh m0nk Thomas (A DARPA CFT

Hiding @ Depth: Exploring & Subverting NAND Flash memory Josh m0nk Thomas (A DARPA CFT Project by MonkWorks, LLC) RIP 4.1.13 - Long Live CFT Thx Mudge Saturday, June 22, 13 My Path, And You Can Too! Saturday, June 22, 13 My Path,

379 views • 16 slides
A BAD DREAM: SUBVERTING TRUSTED PLATFORM MODULE WHILE YOU ARE SLEEPING Seunghun Han, Wook Shin,

A BAD DREAM: SUBVERTING TRUSTED PLATFORM MODULE WHILE YOU ARE SLEEPING Seunghun Han, Wook Shin,

A BAD DREAM: SUBVERTING TRUSTED PLATFORM MODULE WHILE YOU ARE SLEEPING Seunghun Han, Wook Shin, Jun-Hyeok Park, and HyoungChun Kim, National Security Research Institute BACKGROUND Trusted Computing Group (TCG) Trusted Platform Module

383 views • 19 slides
Subverting algorithmic policies of sonic control in Nicolas Collinss Broken Light (1992) Dr

Subverting algorithmic policies of sonic control in Nicolas Collinss Broken Light (1992) Dr

This research is supported by the IRC Government of Ireland Postdoctoral Fellowship programme. Subverting algorithmic policies of sonic control in Nicolas Collinss Broken Light (1992) Dr Eamonn Bell Presented at Department of Music

586 views • 45 slides
Hiding @ Depth: Exploring & Subverting NAND Flash memory Josh m0nk Thomas (A DARPA CFT

Hiding @ Depth: Exploring & Subverting NAND Flash memory Josh m0nk Thomas (A DARPA CFT

Hiding @ Depth: Exploring & Subverting NAND Flash memory Josh m0nk Thomas (A DARPA CFT Project by MonkWorks, LLC) RIP 4.1.13 - Long Live CFT Thx Mudge Saturday, June 22, 13 ./whoami (m0nk) Applied Research Scientist @ Accuvant

395 views • 35 slides
Web Course Web Course Physical Properties of Glass Physical Properties of Glass 1. Properties

Web Course Web Course Physical Properties of Glass Physical Properties of Glass 1. Properties

Web Course Web Course Physical Properties of Glass Physical Properties of Glass 1. Properties of Glass Melts 1. Properties of Glass Melts 2. Thermal Properties of Glasses 2. Thermal Properties of Glasses Richard K. Brow Missouri University

1.07k views • 63 slides
Web Course Web Course Physical Properties of Glass Physical Properties of Glass 1. Properties

Web Course Web Course Physical Properties of Glass Physical Properties of Glass 1. Properties

Web Course Web Course Physical Properties of Glass Physical Properties of Glass 1. Properties of Glass Melts 1. Properties of Glass Melts 2. Thermal Properties of Glasses 2. Thermal Properties of Glasses Richard K. Brow Missouri University

693 views • 57 slides
Module 3: Operating-System Structures System Components Operating-System Services

Module 3: Operating-System Structures System Components Operating-System Services

' $ Module 3: Operating-System Structures System Components Operating-System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation & %

592 views • 13 slides
Module 3: Operating-System Structures System Components Operating System Services

Module 3: Operating-System Structures System Components Operating System Services

Module 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Silberschatz and

717 views • 35 slides
Operating System Basics CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Spring

Operating System Basics CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Spring

Operating System Basics CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Spring 2015 Outline Important properties for an operating system Critical abstractions for operating systems System services Lecture 2 CS 111

1.13k views • 73 slides
201 VERDE Mussetter Testimony: - Verde River fits in 3b or 3a category. - Braided rivers can be

201 VERDE Mussetter Testimony: - Verde River fits in 3b or 3a category. - Braided rivers can be

201 VERDE Mussetter Testimony: - Verde River fits in 3b or 3a category. - Braided rivers can be navigable. Fuller Rebuttal Slides p. 1 Q2 @ Clarkdale = 6600 cfs Q10 @ Tangle Ck = 61,000 cfs Fuller Rebuttal Slides p. 2 Where are the

582 views • 17 slides
MODELING THE FUNCTIONAL ARCHITECTURE OF HUMAN DECISION MAKING (11RH08COR) PI: Dr. Robert E.

MODELING THE FUNCTIONAL ARCHITECTURE OF HUMAN DECISION MAKING (11RH08COR) PI: Dr. Robert E.

MODELING THE FUNCTIONAL ARCHITECTURE OF HUMAN DECISION MAKING (11RH08COR) PI: Dr. Robert E. Patterson (AFRL) Senior Personnel: Dr. Alan Boydstun Dr. Christine Covas-Smith Dr. Lisa Tripp AFOSR Program Review: Cognition, Decision, and

349 views • 33 slides
Cache-based attack on AES Mikal Fourrier Contribution of this paper Get the secret key from

Cache-based attack on AES Mikal Fourrier Contribution of this paper Get the secret key from

Cache-based attack on AES Mikal Fourrier Contribution of this paper Get the secret key from AES in 3s + 3min Very weak assumptions No known plaintext needed No special rights needed, only to be able to spawn and control threads

378 views • 16 slides
CEE 370 Environmental Engineering Principles Lecture #24 Water Quality Management II: Rivers

CEE 370 Environmental Engineering Principles Lecture #24 Water Quality Management II: Rivers

CEE 370 Lecture #24 11/4/2019 Print version Updated: 4 November 2019 CEE 370 Environmental Engineering Principles Lecture #24 Water Quality Management II: Rivers Reading: Mihelcic & Zimmerman, Chapter 7 (7.7 focus) Reading: Davis

952 views • 26 slides
On Utilization of Contributory On Utilization of Contributory Storage in Desktop Grids Storage

On Utilization of Contributory On Utilization of Contributory Storage in Desktop Grids Storage

On Utilization of Contributory On Utilization of Contributory Storage in Desktop Grids Storage in Desktop Grids Chreston Miller , Ali R. Butt, and Patrick Butler Department of Computer Science Contributory Storage: Cheap Contributory Storage:

692 views • 30 slides
Machine Learning applied to Process definitions Our target: CFS Scheduling What can we do ?

Machine Learning applied to Process definitions Our target: CFS Scheduling What can we do ?

Machine Learning applied to Process Scheduling Benoit Zanotti Introduction and Machine Learning applied to Process definitions Our target: CFS Scheduling What can we do ? Results and analysis Benoit Zanotti Conclusion

370 views • 35 slides
How to Evolve Kubernetes Resource Management Model Jiaying Zhang (github.com/jiayingz) June

How to Evolve Kubernetes Resource Management Model Jiaying Zhang (github.com/jiayingz) June

How to Evolve Kubernetes Resource Management Model Jiaying Zhang (github.com/jiayingz) June 26th, 2019 Why you may want to listen to this talk as an app developer You know how to use it when you see it Need to read user manual, carefully

662 views • 39 slides
CS 423 Operating System Design: Scheduling in Linux Professor Adam Bates Spring 2017 CS

CS 423 Operating System Design: Scheduling in Linux Professor Adam Bates Spring 2017 CS

CS 423 Operating System Design: Scheduling in Linux Professor Adam Bates Spring 2017 CS 423: Operating Systems Design Goals for Today Learning Objective: Understand inner workings of modern OS schedulers Announcements, etc:

792 views • 30 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.