Parallelly Refill SLUB Objects Freed in Slow Paths: An Approach to Exploit the Use-After-Free Vulnerabilities in Linux Kernel

机译：在慢速路径中释放并行重新填充单轴对象：一种利用Linux内核的无缺水漏洞的方法

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Recently since exploiting vulnerabilities in user application is becoming very difficult, vulnerabilities in Linux kernel have been paid more and more attention, especially the use-after-free vulnerabilities gained the most focus. However, there lacks a completion theory to exploit use-after-free vulnerabilities. The key to exploit UAF vulnerability is how to refill the freed object, because those days that the space just freed will be occupied firstly is gone. We propose a strategy to exploit the use-after-free vulnerabilities by continuously allocating objects. And to promote the efficiency and success rate, we present a technique by parallelly refilling objects with multiple threads and monitor. We also make a simulation experiment to verify the effectiveness of our theory. At last we give some mitigations to this attack.

机译：最近，由于利用用户应用程序的漏洞正在变得非常困难，因此Linux内核中的漏洞已经获得了越来越多的关注，尤其是使用余额漏洞最焦点。但是，缺乏剥削使用缺失的漏洞的完工理论。利用UAF漏洞的关键是如何重新填充释放物体，因为那些空间刚刚释放的日子将被占用。我们提出了一种通过不断分配对象来利用无缺水漏洞的策略。为促进效率和成功率，我们通过平行重新填充具有多个线程和监视器的对象来提出一种技术。我们还进行了模拟实验，以验证我们理论的有效性。最后，我们对此攻击提供了一些缓解。

著录项

来源
《International Conference on Parallel and Distributed Computing, Applications and Technologies》|2016年|1 v.|共4页
会议地点
作者
Liu Song; Qin Xiao-Jun;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类程序设计、软件工程;
关键词
Slabs; Kernel; Linux; Resource management; Computers; Monitoring; Aerospace electronics;

机译：板坯;内核;Linux;资源管理;电脑;监控;航空航天电子;

相似文献

外文文献
中文文献
专利

1. Static Detection of Use-After-Free Vulnerability in Binaries via Constrained Path-Sensitive Value-Set Analysis [J] . Wu Tianjun, Yang Yuexiang Basic & clinical pharmacology & toxicology. . 2019,第S1期

机译：通过受约束路径敏感值分析静态检测二进制文件中的使用后使用漏洞
2. Static Detection of Use-After-Free Vulnerability in Binaries via Constrained Path-Sensitive Value-Set Analysis [J] . Wu Tianjun, Yang Yuexiang Basic & clinical pharmacology & toxicology. . 2019,第S3期

机译：通过受约束路径敏感值分析静态检测二进制文件中的使用后使用漏洞
3. A conflict-free, path-level parallelization approach for sequential simulation algorithms [J] . Rasera Luiz Gustavo, Machado Pericles Lopes, Costa Joao Felipe C. L. Computers & geosciences . 2015,第jula期

机译：顺序仿真算法的无冲突，路径级并行化方法
4. Parallelly Refill SLUB Objects Freed in Slow Paths: An Approach to Exploit the Use-After-Free Vulnerabilities in Linux Kernel [C] . Liu Song, Qin Xiao-Jun International Conference on Parallel and Distributed Computing, Applications and Technologies . 2016

机译：通过慢速路径释放的并行重新填充SLUB对象：一种利用Linux内核中的“使用后释放”漏洞的方法
5. An Empirical Study on Use-after-free Vulnerabilities [D] . Steenkamer, Benjamin P. 2019

机译：无缺水漏洞的实证研究
6. An Efficient Bayesian Approach to Exploit the Context of Object-Action Interaction for Object Recognition [O] . Sungbaek Yoon, Hyunjin Park, Juneho Yi 2016

机译：一种有效的贝叶斯方法来利用对象-动作交互的上下文进行对象识别
7. Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities [O] . Juan Caballero, Gustavo Grieco, Mark Marron 2012

机译：解除悬挂：提早发现释放后和双重释放漏洞中的悬空指针

Parallelly Refill SLUB Objects Freed in Slow Paths: An Approach to Exploit the Use-After-Free Vulnerabilities in Linux Kernel

摘要

著录项

相似文献

相关主题

期刊订阅