Treasure Hunt in Kernel Space: Exploring Exploitable Structures in the Linux Kernel [ ja ]
Deep-Kernel Treasure Hunt: Finding exploitable structures in the Linux kernel [ en ]
Mr. Fujiwara is a security researcher at Ricerca Security who says he enjoys binary exploitation (pwn).
Fujiwara-san is a security researcher at Ricerca Security and he expresses a keen interest in binary exploitation, also known as "pwn."
Heap-based vulnerabilities are a common and serious class of security issue, and in kernel space their impact is especially severe. However, finding suitable structures with which to exploit these bugs is hard in large software, and harder still in binaries without source code. Existing static and dynamic approaches struggle to identify allocations accurately and cannot be applied to binaries without source code, which makes it difficult to determine whether an attacker can control those allocations. To address this, he proposes a new method implemented as a Ghidra script called "MALTIES," which has successfully identified exploit-friendly structures in the Linux kernel, classified by the size of the kmalloc cache they fall into.
Q1. What prompted you to start the research you are presenting at the conference?
A1. When I looked into a problem I had run into during a kernel exploit, I found that there were surprisingly no good existing methods, so I started researching it. Because of my age, this year was my last chance for the CODE BLUE U25 slot, so I applied.
Q2. What did you find difficult during the course of the research?
A2. I started the research with the Linux kernel as the target, but since the approach itself applies to software in general, I wanted to make the method as generic as possible. The hard part was designing it so that it could also be applied to large-scale software and to samples without source code.
Q3. Do you have a message for CODE BLUE attendees and for those considering attending?
A3. I myself have no connection to academic research, and this is even my first conference presentation, so if you have the drive to present interesting research, please do apply, regardless of whether you have presentation experience.
Q1. How did you initiate your journey into the topic that you are presenting?
A1. When I encountered difficulties during a kernel exploit investigation, I began researching because there were surprisingly no good existing methods available. Considering my age, this year was my last chance to apply for the CODE BLUE U25 category, so I decided to submit my application.
Q2. What were some challenges you faced during this research?
A2. I began my research with the Linux kernel as the target, but since the content itself is applicable to software in general, I aimed to make the method as versatile as possible. Designing it to be applicable to large software and specimens without source code was a challenge.
Q3. What message would you like to convey to those considering attending this talk?
A3. For attendees and those considering participating in CODE BLUE, I have a message. Although I myself am not affiliated with academic research and this is my first time presenting at a conference, if you have a desire to present interesting research, I encourage you to apply regardless of whether you have presentation experience.