Shiva -- Advancing the programmability and security of the Linux userland runtime.

Presented at ToorCamp 2022, July 14, 2022, 1 p.m. (50 minutes).

"Shiva": a modern look into advancing the state of Linux process runtime hardening against exploitation by introducing a modular programming environment for the design and implementation of new security technologies without the need for compile-time instrumentation. One example demonstrates a Shiva module which implements backwards edge control flow integrity to prevent stack corruption exploits. The technology is fast, dynamic, and offers developers the programmatic insight and control to build quality software security features.

In this talk we will be discussing a technology that I call Shiva. It is an innovative approach to expanding the programmability and security of the Linux userland runtime. Shiva is a sophisticated program that functions as a custom "program interpreter" for loading and executing modules into the process address space at runtime. Think "LKMs for userland". This talk will focus primarily on the use of Shiva for the design and integration of security modules which harden programs against exploitation at runtime. We will explore the Shiva API, and demonstrate its capabilities with several modules that mitigate exploitation attacks, and a module which implements a process sandbox to harden against general attempts at privilege escalation. Shiva allows the programmer to have full command over the process address space, with a flexible and innovative API that allows developers to rapidly design new security technologies and mitigation features without the need for compile-time instrumentation. Moreover, we will cover the fascinating internals of the Shiva runtime environment, and see how it can also be used as a standalone tracing engine to accomplish complex debugging and instrumentation tasks, such as function tracing, software profiling, and reverse engineering hardened binaries.

Presenters:

  • Ryan O'Neill / elfmaster as elfmaster
    I have been into the computer security scene since about 1998, and have since developed an interest in exploitation, reverse engineering, software development, system internals and beyond. A good chunk of my research can be found at https://www.bitlackeys.org and https://github.com/elfmaster. I have published in Phrack magazine, vxheaven, POC||GTFO, and am currently working on a whitepaper with VirginiaTech University. I have a passion for hacking, and designing new security technologies, especially as they pertain to kernel internals, binary formats, and runtime instrumentation. Coding is the act of creation, and I love innovating.
