USENIX Security '24 - SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for... скачать в хорошем качестве
USENIX Security '24 - SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for...
1 год назад
Не удается загрузить Youtube-плеер. Проверьте блокировку Youtube в вашей сети.
Повторяем попытку...
Повторяем попытку...
Скачать видео с ютуб по ссылке или смотреть без блокировок на сайте: USENIX Security '24 - SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for... в качестве 4k
У нас вы можете посмотреть бесплатно USENIX Security '24 - SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for... или скачать в максимальном доступном качестве, видео которое было загружено на ютуб. Для загрузки выберите вариант из формы ниже:
-
Информация по загрузке:
Скачать mp3 с ютуба отдельным файлом. Бесплатный рингтон USENIX Security '24 - SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for... в формате MP3:
Если кнопки скачивания не
загрузились
НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если возникают проблемы со скачиванием видео, пожалуйста напишите в поддержку по адресу внизу
страницы.
Спасибо за использование сервиса ClipSaver.ru
USENIX Security '24 - SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for...
SCAVY: Automated Discovery of Memory Corruption Targets in Linux Kernel for Privilege Escalation Erin Avllazagaj, Yonghwi Kwon, and Tudor Dumitraș, University of Maryland Kernel privilege-escalation exploits typically leverage memory-corruption vulnerabilities to overwrite particular target locations. These memory corruption targets play a critical role in the exploits, as they determine which privileged resources (e.g., files, memory, and operations) the adversary may access and what privileges (e.g., read, write, and unrestricted) they may gain. While prior research has made important advances in discovering vulnerabilities and achieving privilege escalation, in practice, the exploits rely on the few memory corruption targets that have been discovered manually so far. We propose SCAVY, a framework that automatically discovers memory corruption targets for privilege escalation in the Linux kernel. SCAVY's key insight lies in broadening the search scope beyond the kernel data structures explored in prior work, which focused on function pointers or pointers to structures that include them, to encompass the remaining 90% of Linux kernel structures. Additionally, the search is bug-type agnostic, as it considers any memory corruption capability. To this end, we develop novel and scalable techniques that combine fuzzing and differential analysis to automatically explore and detect privilege escalation by comparing the accessibility of resources between executions with and without corruption. This allows SCAVY to determine that corrupting a certain field puts the system in an exploitable state, independently of the vulnerability exploited. SCAVY found 955 PoC, from which we identify 17 new fields in 12 structures that can enable privilege escalation. We utilize these targets to develop 6 exploits for 5 CVE vulnerabilities. Our findings show that new memory corruption targets can change the security implications of vulnerabilities, urging researchers to proactively discover memory corruption targets. View the full USENIX Security '24 program at https://www.usenix.org/conference/use...
Comments
![Как происходит модернизация остаточных соединений [mHC]](https://imager.clipsaver.ru/jYn_1PpRzxI/max.jpg)
![Почему работает теория шести рукопожатий? [Veritasium]](https://imager.clipsaver.ru/ggI1xKzoANs/max.jpg)
