在慢路径释放的并行填充SLUB对象:一种利用Linux内核中释放后使用漏洞的方法

2016 17th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT) Pub Date : 2016-12-01 DOI:10.1109/PDCAT.2016.088

Liu Song, Qin Xiao-Jun

{"title":"在慢路径释放的并行填充SLUB对象:一种利用Linux内核中释放后使用漏洞的方法","authors":"Liu Song, Qin Xiao-Jun","doi":"10.1109/PDCAT.2016.088","DOIUrl":null,"url":null,"abstract":"Recently since exploiting vulnerabilities in user application is becoming very difficult, vulnerabilities in Linux kernel have been paid more and more attention, especially the use-after-free vulnerabilities gained the most focus. However, there lacks a completion theory to exploit use-after-free vulnerabilities. The key to exploit UAF vulnerability is how to refill the freed object, because those days that the space just freed will be occupied firstly is gone. We propose a strategy to exploit the use-after-free vulnerabilities by continuously allocating objects. And to promote the efficiency and success rate, we present a technique by parallelly refilling objects with multiple threads and monitor. We also make a simulation experiment to verify the effectiveness of our theory. At last we give some mitigations to this attack.","PeriodicalId":203925,"journal":{"name":"2016 17th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Parallelly Refill SLUB Objects Freed in Slow Paths: An Approach to Exploit the Use-After-Free Vulnerabilities in Linux Kernel\",\"authors\":\"Liu Song, Qin Xiao-Jun\",\"doi\":\"10.1109/PDCAT.2016.088\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recently since exploiting vulnerabilities in user application is becoming very difficult, vulnerabilities in Linux kernel have been paid more and more attention, especially the use-after-free vulnerabilities gained the most focus. However, there lacks a completion theory to exploit use-after-free vulnerabilities. The key to exploit UAF vulnerability is how to refill the freed object, because those days that the space just freed will be occupied firstly is gone. We propose a strategy to exploit the use-after-free vulnerabilities by continuously allocating objects. And to promote the efficiency and success rate, we present a technique by parallelly refilling objects with multiple threads and monitor. We also make a simulation experiment to verify the effectiveness of our theory. At last we give some mitigations to this attack.\",\"PeriodicalId\":203925,\"journal\":{\"name\":\"2016 17th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT)\",\"volume\":\"22 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 17th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PDCAT.2016.088\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 17th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PDCAT.2016.088","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

近年来，由于利用用户应用程序中的漏洞变得越来越困难，Linux内核中的漏洞越来越受到人们的关注，特别是免费后使用的漏洞受到了人们的关注。然而，目前还缺乏一个完备的理论来利用use-after-free漏洞。利用UAF漏洞的关键是如何重新填充释放的对象，因为刚刚释放的空间首先被占用的日子已经一去不复返了。我们提出了一种通过连续分配对象来利用use-after-free漏洞的策略。为了提高填充对象的效率和成功率，提出了一种多线程并行填充对象和监控的方法。并通过仿真实验验证了理论的有效性。最后，我们给出了一些缓解这种攻击的措施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Parallelly Refill SLUB Objects Freed in Slow Paths: An Approach to Exploit the Use-After-Free Vulnerabilities in Linux Kernel

Recently since exploiting vulnerabilities in user application is becoming very difficult, vulnerabilities in Linux kernel have been paid more and more attention, especially the use-after-free vulnerabilities gained the most focus. However, there lacks a completion theory to exploit use-after-free vulnerabilities. The key to exploit UAF vulnerability is how to refill the freed object, because those days that the space just freed will be occupied firstly is gone. We propose a strategy to exploit the use-after-free vulnerabilities by continuously allocating objects. And to promote the efficiency and success rate, we present a technique by parallelly refilling objects with multiple threads and monitor. We also make a simulation experiment to verify the effectiveness of our theory. At last we give some mitigations to this attack.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 17th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT)

自引率

0.00%

发文量