MRMCD 2017

Attacking the Kernel with Non-control Data Attacks
2017-09-03, 13:00–13:50, Prachtgarten

In this talk, an overview of memory attacks will be presented. Particularly, non-control data attacks will be discussed and examples provided. In contrast to traditional attacks, non-control data attacks do not alter the control flow of the kernel but rather manipulate data structures, which makes it both hard to detect and to prevent.

As protection and detection mechanisms, such as code integrity validation (CIV) and control flow integrity (CFI), are increasingly advancing, traditional code corruption and code hijacking attacks become difficult. Consequently, other attack techniques emerge. One of those techniques attacks the integrity of the system without manipulating the control-flow or the kernel's code segment and therefore circumvents current defense mechanisms. Such attacks are referred to as non-control data or data-only attacks.