{"title":"允许应用程序通过从受损驱动程序发起的攻击来运行","authors":"Shengzhi Zhang, Peng Liu","doi":"10.1145/2414456.2414510","DOIUrl":null,"url":null,"abstract":"With the rapid prevalence of E-Commerce, MMO and social networking, the demand on service availability and continuity is increasingly crucial to production servers or data centers. Hence, software failure recovery systems are thoroughly studied. However, stimulated by significant commercial revenue, attackers begin trying to evade the existing auditing/recovering techniques by manipulating the service applications through the compromised kernel. Nowadays, device drivers account for more than half (could be as high as 70%) of the source code of most commodity operating system kernels, with much more exploitable vulnerabilities than other kernel code [2]. This renders the attackers the opportunity to exploit the driver vulnerability and leverage the kernel privilege of the compromised drivers. With the unrestricted access to the whole (kernel/user) memory address space, successful attackers can launch denial of service attack by incurring driver fault, manipulating critical code/data or even the metadata of the service application process.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Letting applications operate through attacks launched from compromised drivers\",\"authors\":\"Shengzhi Zhang, Peng Liu\",\"doi\":\"10.1145/2414456.2414510\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the rapid prevalence of E-Commerce, MMO and social networking, the demand on service availability and continuity is increasingly crucial to production servers or data centers. Hence, software failure recovery systems are thoroughly studied. However, stimulated by significant commercial revenue, attackers begin trying to evade the existing auditing/recovering techniques by manipulating the service applications through the compromised kernel. Nowadays, device drivers account for more than half (could be as high as 70%) of the source code of most commodity operating system kernels, with much more exploitable vulnerabilities than other kernel code [2]. This renders the attackers the opportunity to exploit the driver vulnerability and leverage the kernel privilege of the compromised drivers. With the unrestricted access to the whole (kernel/user) memory address space, successful attackers can launch denial of service attack by incurring driver fault, manipulating critical code/data or even the metadata of the service application process.\",\"PeriodicalId\":72308,\"journal\":{\"name\":\"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-05-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2414456.2414510\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2414456.2414510","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Letting applications operate through attacks launched from compromised drivers
With the rapid prevalence of E-Commerce, MMO and social networking, the demand on service availability and continuity is increasingly crucial to production servers or data centers. Hence, software failure recovery systems are thoroughly studied. However, stimulated by significant commercial revenue, attackers begin trying to evade the existing auditing/recovering techniques by manipulating the service applications through the compromised kernel. Nowadays, device drivers account for more than half (could be as high as 70%) of the source code of most commodity operating system kernels, with much more exploitable vulnerabilities than other kernel code [2]. This renders the attackers the opportunity to exploit the driver vulnerability and leverage the kernel privilege of the compromised drivers. With the unrestricted access to the whole (kernel/user) memory address space, successful attackers can launch denial of service attack by incurring driver fault, manipulating critical code/data or even the metadata of the service application process.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
