
Exception‐oriented programming: retrofitting code‐reuse attacks to construct kernel malware
Author(s) - Deng Liang, Zeng Qingkai
Publication year - 2016
Publication title - IET Information Security
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.308
H-Index - 34
eISSN - 1751-8717
pISSN - 1751-8709
DOI - 10.1049/iet-ifs.2015.0372
Subject(s) - code reuse, computer science, malware, reuse, attack surface, code (set theory), malware analysis, construct (python library), computer security, linux kernel, kernel (algebra), operating system, programming language, engineering, software, mathematics, set (abstract data type), combinatorics, waste management
Commodity operating system kernels are vulnerable to a wide range of attacks because of their large code base and broad attack surface. Mitigation mechanisms such as code signing, W⊕X, and code integrity protection have raised the bar for kernel security. In turn, attack mechanisms have become increasingly advanced, evolving from simple injection of malicious code into more sophisticated code‐reuse attacks [e.g. return‐oriented programming (ROP)]. In this study, the authors describe exception‐oriented programming (EOP), a novel code‐reuse method to construct kernel malware. Unlike earlier ROP, which can reuse only a limited part of existing code (gadgets), EOP is able to reuse any instruction in existing code and chain the instructions in any order to generate malicious programmes. As a result, EOP can provide attackers with more powerful capabilities and less complexity for building kernel malware.