constant gardener n.
Constant Gardener

Presentation Transcript

  1. Constant Gardener Technical Overview

  2. Overview
     • Server-focused security tool
     • The client's primary goal is to prevent privilege escalation attacks.
     • We'll achieve this using the DynamoRIO API to modify processes as they run.

  3. Users
     • The intended targets for this product are system administrators.
     • A system administrator will be able to make use of Constant Gardener to provide extra protection for specific processes that may be vulnerable to privilege escalation attacks.

  4. Use Case
     • A system administrator will run a script
     • That script will initiate the target process and inject our client
     • Everything else should be transparent

  5. What it's NOT
     • Constant Gardener will not be for general purpose end-user use.
     • It will not be for personal computing systems
     • It will not provide general OS protection against all incoming attacks

  6. Functional Requirements
     • Must build a control flow graph of the target binary
     • The control flow graph must be accessible indefinitely and protected from memory corruption or overwrite attacks
     • Must intercept system calls made by the target process
     • Must validate the system calls by comparing the path to the system call against the CFG

  7. Functional Requirements
     • Must allow or deny the system call based on the above comparison
     • Must protect memory to prevent corruption of protection abilities
     • Must not noticeably affect performance; this is for use on front-facing applications

  8. High-level Flow

  9. CFG Construction

  10. Interception

  11. Memory Protection

  12. Questions?
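
The allow/deny decision from the Functional Requirements slides (6 and 7), modelled as a stand-alone C sketch. This is an added example, not Constant Gardener code: the block addresses, the edge table and the function names are constructed for illustration, and it assumes the client has already recorded the sequence of basic blocks executed before the intercepted system call.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One directed CFG edge between basic-block start addresses. */
typedef struct { uintptr_t from, to; } cfg_edge;

/* Constructed CFG for a toy binary: 0x1000 is the entry block,
 * 0x1040 the only block allowed to issue the system call. */
static const cfg_edge CFG[] = {
    {0x1000, 0x1010}, {0x1010, 0x1020}, {0x1010, 0x1030},
    {0x1020, 0x1040}, {0x1030, 0x1040},
};
static const size_t CFG_LEN = sizeof CFG / sizeof CFG[0];
static const uintptr_t ENTRY = 0x1000, SYSCALL_SITE = 0x1040;

static int cfg_has_edge(uintptr_t from, uintptr_t to) {
    for (size_t i = 0; i < CFG_LEN; i++)
        if (CFG[i].from == from && CFG[i].to == to) return 1;
    return 0;
}

/* Returns 1 (allow) only if the recorded path starts at the entry block,
 * ends at a known syscall site, and every transition is a CFG edge.
 * Anything else, including an empty path, is denied (fail closed). */
int validate_syscall_path(const uintptr_t *path, size_t n) {
    if (path == NULL || n == 0) return 0;
    if (path[0] != ENTRY || path[n - 1] != SYSCALL_SITE) return 0;
    for (size_t i = 1; i < n; i++)
        if (!cfg_has_edge(path[i - 1], path[i])) return 0;
    return 1;
}

int main(void) {
    /* Constructed traces: one legitimate, one that jumps from 0x1010
     * straight to the syscall site, an edge absent from the CFG. */
    const uintptr_t ok[]  = {0x1000, 0x1010, 0x1030, 0x1040};
    const uintptr_t bad[] = {0x1000, 0x1010, 0x1040};
    printf("legit path:    %s\n", validate_syscall_path(ok, 4) ? "allow" : "deny");
    printf("diverted path: %s\n", validate_syscall_path(bad, 3) ? "allow" : "deny");
    return 0;
}
```

The linear edge scan keeps the sketch short; meeting the performance requirement on slide 7 would call for a hashed or sorted edge set, and the table itself would need the memory protection the slides require.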