MRMCD 2017

Attacking the Kernel with Non-control Data Attacks
03.09.2017 , Prachtgarten
Language: English

In this talk, an overview of memory attacks will be presented. Particularly, non-control data attacks will be discussed and examples provided. In contrast to traditional attacks, non-control data attacks do not alter the control flow of the kernel but rather manipulate data structures, which makes it both hard to detect and to prevent.


As protection and detection mechanisms, such as code integrity validation (CIV) and control flow integrity (CFI), are increasingly advancing, traditional code corruption and code hijacking attacks become difficult. Consequently, other attack techniques emerge. One of those techniques attacks the integrity of the system without manipulating the control-flow or the kernel's code segment and therefore circumvents current defense mechanisms. Such attacks are referred to as non-control data or data-only attacks.

Tobias is a German Free Software advocate, former member of the GNOME Foundation's Board of Directors, and Pythonista. He acquired a Masters degree in Security and Forensic computing from Dublin, is now working in the area of applied cryptography, and loves to build and break stuff. Especially making security systems usable and bringing them to the masses.

This speaker also appears in: