
Constant Gardener

Constant Gardener. Technical Design, Sam Lightbody. Overview: a server focused security tool. The client's primary goal is to prevent privilege escalation attacks. We’ll achieve this using the DynamoRIO API to modify processes as they run. Designed for system administrators. Design Pattern.


Presentation Transcript


  1. Constant Gardener – Technical Design – Sam Lightbody

  2. Overview
  • Server focused security tool
  • The client's primary goal is to prevent privilege escalation attacks.
  • We’ll achieve this using the DynamoRIO API to modify processes as they run.
  • Designed for system administrators.

  3. Design Pattern
  • Event Driven Architecture
  • Necessitated by DynamoRIO
  • Once initialized, Constant Gardener waits for external events

  4. High-level Flow

  5. Data Structures
  • Object dump results
    • Holds line-by-line objdump results for the target binary
    • Records previous and next lines, memory address of the line, opcode, and operands
  • Control Flow Graph
    • Holds the constructed control-flow graph
    • Records start and end of each basic block, its parent block, and its child block(s)

  6. CFG Construction

  7. Interception

  8. Memory Protection

  9. Roadmap
  • The CFG and Interception aspects of Constant Gardener must be built sequentially
  • Memory protection will be worked on throughout the course of the project when time allows

  10. Milestone 1 – 30%
  • Successful construction of the Control Flow Graph
  • Thorough testing of the validity of the CFG
  • Begin work on stack trace implementation

  11. Milestone 2 – 70%
  • Implemented path-matching algorithm
  • Client uses the algorithm to accurately compare a stack trace with the Control Flow Graph
  • Client allows or denies system calls based on the above
  • Basic memory write checks in place
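The "object dump results" and control-flow-graph structures from slide 5 and the path-matching check from this milestone, as an added Python example (not code from the presentation or from Constant Gardener itself, which is a DynamoRIO client): it parses a constructed objdump listing into basic blocks with parent/child edges and call sites, then checks whether a stack trace is consistent with the CFG before a system call would be allowed. The listing, its addresses and the rule that a caller's return address must follow a direct call whose callee can reach the frame below it are assumptions made for the example.

```python
import re
# Constructed objdump -d style listing (assumed sample input, not from the slides).
LISTING = """\
401000: e8 09 00 00 00   call   40100e <helper>
401005: 85 c0            test   %eax,%eax
401007: 74 02            je     40100b <main+0xb>
401009: 0f 05            syscall
40100b: c3               ret
40100e: 0f 05            syscall
401010: c3               ret"""
def parse_listing(text):
    """addr -> (mnemonic, direct jump/call target or None): the 'object dump results' table."""
    insns = {}
    for line in text.splitlines():
        addr, rest = line.split(":", 1)
        toks = [t for t in rest.split() if not re.fullmatch(r"[0-9a-f]{2}", t)]  # drop bytes
        mnem = toks[0]
        direct = (mnem == "call" or mnem[0] == "j") and re.fullmatch(r"[0-9a-f]+", toks[1])
        insns[int(addr, 16)] = (mnem, int(toks[1], 16) if direct else None)  # indirect: None
    return insns
def build_cfg(insns):
    """block_of[addr] -> leader, edges[leader] -> successor leaders, calls[ret_addr] -> callee."""
    addrs = sorted(insns)
    nxt = dict(zip(addrs, addrs[1:]))
    # a block starts at a branch/call target and at the instruction after any control flow
    leaders = {addrs[0]} | {t for _, t in insns.values() if t is not None} | {nxt[a]
        for a, (m, _) in insns.items() if a in nxt and (m in ("call", "ret") or m[0] == "j")}
    block_of = {a: max(l for l in leaders if l <= a) for a in addrs}
    edges, calls = {}, {}
    for a, (m, t) in insns.items():
        b, fall = block_of[a], nxt.get(a)
        if m == "call":
            calls[fall] = t                 # return address -> callee entry
        elif t is not None:
            edges.setdefault(b, set()).add(t)     # taken branch
        if fall in leaders and m not in ("jmp", "ret"):
            edges.setdefault(b, set()).add(fall)  # fall-through, incl. resuming after a call
    return block_of, edges, calls
def trace_is_valid(block_of, edges, calls, trace):
    """trace = [pc of innermost frame, caller's return address, ...]; False means deny."""
    for pc, ret in zip(trace, trace[1:]):
        callee = calls.get(ret)             # None: ret does not follow a direct call
        seen, work = set(), [] if callee is None else [callee]
        while work:                         # DFS over intra-procedural CFG edges
            b = work.pop()
            seen.add(b)
            work.extend(edges.get(b, set()) - seen)
        if block_of.get(pc) not in seen:    # callee cannot reach the frame below it
            return False
    return all(pc in block_of for pc in trace)
```

Call `trace_is_valid(*build_cfg(parse_listing(LISTING)), trace)` with a list of addresses; a trace whose return address does not sit after a call, or whose callee cannot reach the inner frame, is rejected.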

  12. Milestone 3 – 80%
  • Performance impact analysis of path-matching and escalation denial
  • Optimization of path-matching and denials
  • Optimization and analysis of memory checks

  13. Milestone 4 – 90%
  • Final performance impact analysis on memory checks
  • Add visual output to the real-time identification process

  14. Milestone 5 – 100%
  • Final clean up and optimization of the code base
  • Scenario testing
  • Basic logging capabilities implemented

  15. Questions?
