Validation of code integrity of userspace applications for control flow integrity

Supervisor(s): Thomas Kittel
Status: finished
Topic: Monitoring (VMI etc.)
Author: Richard von Seck
Submission: 2015-04-15
Type of Thesis: Bachelorthesis
Proof of Concept: No

Abstract:

The verification of code integrity is one major aspect of securing a modern computer system. In the past, several validation strategies have focused on the operating system kernel and its environment, using both static and dynamic whitelisting approaches. As there are numerous ways of escalating privileges through programs with decreased privileges, this thesis develops a strategy for dynamically validating the code integrity of userspace applications. To accomplish this goal, a secure reconstruction of the loading and linking behaviour as well as live extraction of dynamic kernel information is required. To secure the validating host system against manipulation and data disturbance by possible malware on the target system, the strategy makes use of Virtual Machine Introspection (VMI) to extract the necessary information. The resulting strategy is tested using a proof of concept implementation, which shows that the strategy is able to extend conventional validation approaches to executable code regions that are subject to indirect dynamic changes.