Validation of code integrity of userspace applications for control flow integrity
Supervisor(s): | Thomas Kittel |
Status: | finished |
Topic: | Monitoring (VMI etc.) |
Author: | Richard von Seck |
Submission: | 2015-04-15 |
Type of Thesis: | Bachelor's thesis |
Proof of Concept: | No |
Abstract: | The verification of code integrity is one major aspect of securing a modern computer system. In the past, several validation strategies have focused on the operating system kernel and its environment, using both static and dynamic whitelisting approaches. As there are numerous ways to escalate privileges through programs running with reduced privileges, this thesis develops a strategy for dynamically validating the code integrity of userspace applications. To accomplish this goal, a secure reconstruction of the loading and linking behaviour as well as live extraction of dynamic kernel information is required. To secure the validating host system against manipulation and data disturbance by possible malware on the target system, the strategy makes use of Virtual Machine Introspection (VMI) to extract the necessary information. The resulting strategy is tested using a proof of concept implementation, which shows that the strategy is able to extend conventional validation approaches to executable code regions that are subject to indirect dynamic changes. |