Exploiting Kernel Races through Taming Thread Interleaving

Presented at Black Hat USA 2020 Virtual, Aug. 6, 2020, 1:30 p.m. (40 minutes).

A kernel race condition vulnerability is difficult to exploit because thread interleaving is non-deterministic and cannot be directly controlled. Conventional exploitation techniques against kernel races therefore resort to brute force: they keep triggering the race in the hope that the execution orders happen to interleave in the required way. However, we observed that many kernel races, including three recent Linux kernel race vulnerabilities, cannot be exploited through brute forcing, because the chance of hitting the racing interleaving is virtually zero.

This presentation introduces a new kernel race condition exploitation technique. The key idea behind it is to tame the thread execution order based on a clear understanding of the kernel’s thread interleaving mechanism. With this technique, we demonstrate how three Linux kernel races can be successfully exploited within 10-100 seconds, none of which could be exploited within 24 hours of simple brute forcing.
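The abstract's claim rests on the size of the race window: when the two kernel accesses that must be split are nanoseconds apart, a brute-forcing thread almost never lands its write in between, whereas a window that the exploiter has stretched is hit on nearly every attempt. The following user-space model, added here as an illustration and not code from the talk, makes that quantitative. The "victim" stands in for a kernel path that reads a shared value twice (check, then use); the "racer" is the brute-forcing thread that rewrites the value as fast as it can. The `window_us` parameter is a constructed stand-in for the length of the race window: 0 is the natural window, and a positive value models a window stretched by controlling the victim's scheduling. The `nanosleep()` used to stretch it is only a placeholder for the kernel-level mechanism, which this page does not describe.

```c
/*
 * Added illustration (not from the talk): why a narrow race window
 * defeats brute forcing, and why controlling the interleaving makes
 * the same race reliable.  Build with: cc -O2 -pthread race_model.c
 */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <time.h>

struct race {
    atomic_int value;   /* shared state both threads touch */
    atomic_int stop;    /* tells the racer thread to exit */
};

/* Exploiter's racing thread: pure brute force, write 1 as often as possible. */
static void *racer(void *arg)
{
    struct race *r = arg;
    while (!atomic_load_explicit(&r->stop, memory_order_relaxed))
        atomic_store_explicit(&r->value, 1, memory_order_relaxed);
    return NULL;
}

/* Stand-in for a stretched race window (hypothetical; not the talk's mechanism). */
static void stretch_window(long window_us)
{
    struct timespec ts = { window_us / 1000000, (window_us % 1000000) * 1000 };
    nanosleep(&ts, NULL);
}

/*
 * Victim path: reset, check, [window], use.  Returns 1 when the racer's
 * write landed between the check and the use, i.e. the race was won.
 */
static int victim_once(struct race *r, long window_us)
{
    atomic_store(&r->value, 0);
    if (atomic_load(&r->value) != 0)        /* check: racer was too early */
        return 0;
    if (window_us > 0)
        stretch_window(window_us);          /* natural window when 0 */
    return atomic_load(&r->value) != 0;     /* use: value changed under us? */
}

/*
 * Run `trials` attempts against a window of `window_us` microseconds and
 * return how many races were won (-1 if the racer could not be started).
 */
int run_trials(int trials, long window_us)
{
    struct race r;
    pthread_t tid;
    int hits = 0;

    atomic_init(&r.value, 0);
    atomic_init(&r.stop, 0);
    if (pthread_create(&tid, NULL, racer, &r) != 0)
        return -1;

    for (int i = 0; i < trials; i++)
        hits += victim_once(&r, window_us);

    atomic_store(&r.stop, 1);
    pthread_join(tid, NULL);
    return hits;
}

int main(void)
{
    int trials = 200;
    int narrow = run_trials(trials, 0);      /* natural window: brute force */
    int wide = run_trials(trials, 2000);     /* 2 ms window: tamed interleaving */
    printf("natural window:   %d/%d races won\n", narrow, trials);
    printf("stretched window: %d/%d races won\n", wide, trials);
    return 0;
}
```

With the natural window the racer wins only a small fraction of attempts on a multi-core machine and essentially none on a single core, because it only runs when the victim is descheduled; with the stretched window it wins practically every attempt. That gap, not the number of attempts, is what separates the 24-hour brute-force failures from the 10-100 second exploits the abstract describes.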

Presenters:

  • Yoochan Lee - Master's Student, Seoul National University
    Yoochan Lee is a master's student in Electrical and Computer Engineering at Seoul National University (SNU). He is interested in exploitation, pwnables, and kernel security.
  • Byoungyoung Lee - Professor, Seoul National University
    Byoungyoung Lee is an Assistant Professor in Electrical and Computer Engineering at Seoul National University (SNU). He is interested in all computer security and privacy related problems in general. In particular, his research focus is on system security, e.g., designing and implementing secure systems in operating systems, compilers, or applications (sometimes in hardware layers as well).
  • Changwoo Min - Professor, Virginia Tech
    to be updated
