From pietro.stroia@gmail.com Tue Jun 10 00:57:25 2014
Date: Fri, 6 Jun 2014 23:46:15 +0200
From: Pietro Stroia
To: lss-pc@ext.namei.org
Subject: [lss-pc] [CFP - LSS 2014] Security focused kernel patch

Dear Sir or Madam,

my name is Pietro Stroia, I recently graduated from Sapienza University of Rome and I'm writing to submit the idea underlying my thesis work.

I developed a security-focused patch for the Linux kernel 3.2.51, IA-32 only. I worked on tricking simple LKMs using a randomization-based approach, which, it seems to me, no one has really used in practice. The main idea is to save the true address of some kernel structures (e.g. the IDT) at early boot time and then present a fake structure that will later be destroyed when a malicious module is trying to hot-patch the kernel.

It was and still is just a proof of concept; it's not complete and was never intended or developed to be mainlined, but nevertheless I found it funny to have modules believe they had correctly patched the kernel.

I am attaching a small video that will hopefully explain better what I achieved. It basically shows what happens when a malicious module tries to modify the system call handler.

I'd be more than delighted if you find this work worth looking into, and I can also provide the final PDF of my thesis if needed.

Thank you for your consideration, and I apologize very much if this email does not qualify as a valid submission.

Best regards,
Pietro Stroia

[ Part 2, Video/MP4 (Name: "YASI.mp4") 728 KB. ]