
Constant Gardener






Presentation Transcript


  1. ConstantGardener Technical Overview

  2. Overview
  • Server-focused security tool
  • The client's primary goal is to prevent privilege escalation attacks.
  • We'll achieve this using the DynamoRIO API to modify processes as they run.

  3. Users
  • The intended users of this product are system administrators.
  • A system administrator will be able to use Constant Gardener to provide extra protection for specific processes that may be vulnerable to privilege escalation attacks.

  4. Use Case
  • A system administrator will run a script.
  • That script will start the target process and inject our client.
  • Everything else should be transparent.

  5. What it's NOT
  • Constant Gardener will not be for general-purpose end-user use.
  • It will not be for personal computing systems.
  • It will not provide general OS protection against all incoming attacks.

  6. Functional Requirements
  • Must build a control flow graph (CFG) of the target binary.
  • The CFG must be accessible indefinitely and protected from memory corruption or overwrite attacks.
  • Must intercept system calls made by the target process.
  • Must validate each system call by comparing the execution path leading to it against the CFG.

  7. Functional Requirements
  • Must allow or deny the system call based on the above comparison.
  • Must protect its own memory to prevent corruption of the protection mechanism.
  • Must not noticeably affect performance; this is for use on front-facing applications.
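The path-versus-CFG check that slides 6 and 7 require, as an added example rather than Constant Gardener's own code or the DynamoRIO API: the CFG, block addresses and Linux x86-64 syscall numbers below are constructed for illustration, and in the real client the path would be recorded by DynamoRIO's basic-block instrumentation and the check run from its pre-syscall hook, with the CFG itself kept in write-protected memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed toy CFG: basic-block start addresses of a hypothetical target
 * binary and the control-flow edges the static analysis recovered. */
typedef struct { uintptr_t from, to; } cfg_edge_t;

static const cfg_edge_t cfg_edges[] = {
    {0x1000, 0x1020}, /* main -> parse_request */
    {0x1020, 0x1040}, /* parse_request -> open_file */
    {0x1020, 0x1060}, /* parse_request -> send_reply */
    {0x1040, 0x1060}, /* open_file -> send_reply */
    {0x1040, 0x1080}, /* open_file -> spawn_helper (legitimate execve site) */
};
#define N_EDGES (sizeof cfg_edges / sizeof cfg_edges[0])

/* Blocks the CFG marks as legitimate system-call sites, and which syscall
 * each one issues (constructed; numbers follow Linux x86-64). */
typedef struct { uintptr_t block; int sysnum; } syscall_site_t;
static const syscall_site_t syscall_sites[] = {
    {0x1040, 2},  /* open   */
    {0x1060, 1},  /* write  */
    {0x1080, 59}, /* execve */
};
#define N_SITES (sizeof syscall_sites / sizeof syscall_sites[0])

static bool edge_exists(uintptr_t from, uintptr_t to) {
    for (size_t i = 0; i < N_EDGES; i++)
        if (cfg_edges[i].from == from && cfg_edges[i].to == to) return true;
    return false;
}

/* Policy check run at the pre-syscall hook. The recorded path of block
 * addresses (oldest first) must start at the entry block and follow only
 * CFG edges, and the final block must be a site the CFG allows for this
 * syscall number. Returns true to allow the call, false to deny it. */
bool validate_syscall(const uintptr_t *path, size_t len, int sysnum) {
    if (len == 0 || path[0] != 0x1000) return false;
    for (size_t i = 1; i < len; i++)
        if (!edge_exists(path[i - 1], path[i])) return false; /* hijacked flow */
    for (size_t i = 0; i < N_SITES; i++)
        if (syscall_sites[i].block == path[len - 1] &&
            syscall_sites[i].sysnum == sysnum) return true;
    return false; /* syscall from a block the CFG never marks as its site */
}
```

A denied call is where the client would substitute a failure result for the syscall and log the offending path; the logging and result override are left out here.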

  8. High-level Flow

  9. CFG Construction

  10. Interception

  11. Memory Protection

  12. Questions?
