2024年3月,国科大密码学院王跃武研究员指导学生,在2024 5th International Conference on Information Security and Privacy Protection(ICISPP 2024)会议发表了题为“KPDP: Kernel Permission Data Protection Against Data-oriented Attacks”的研究论文,提出了一种通过保护内核权限数据以抵御面向数据攻击的方案。并于2024年7月13日,在ICISPP 2024会议现场(南京)对该研究工作做全英文报告。该研究工作得到了国家重点研发计划(2022YFB3103301)的支持。
Abstract Data-oriented attacks are increasingly becoming a practical and effective way to bypass the access control mechanisms in the modern operating system. Attackers exploit the memory corruption vulnerability to conduct a data-oriented attack aimed at the non-control data used in the access control model (hereafter referred to as “Permission Data”) for privilege escalation. However, a practical and effective mitigation scheme against Data-oriented attacks in the kernel remains an open problem. In this paper, we provide a solution called KPDP, a Kernel Permission Data Protection (KPDP) mechanism that protects different types of kernel permission data against data-oriented attacks leveraging virtualization technology. KPDP enforces the integrity of kernel permission structures and their pointers. It isolates kernel permission data to a read-only memory region and restricts memory access to structure and pointer based on specific policies. The security analysis results show that KPDP is effective in preventing privilege escalation against data-oriented attacks.
论文信息:Shouyin Xu , Lingguang Lei , Yuewu Wang and Heqing Huang: " KPDP: Kernel Permission Data Protection Against Data-oriented Attacks," in IEEE International Conference on Information Security and Privacy Protection (ICISPP 2024), ISBN: 979-8-3503-5091-3.(EI)
