دورية أكاديمية
Leveraging Relocations in ELF-binaries for Linux Kernel Version Identification
| العنوان: | Leveraging Relocations in ELF-binaries for Linux Kernel Version Identification |
|---|---|
| المؤلفون: | Bhatt, Manish |
| المصدر: | University of New Orleans Theses and Dissertations |
| بيانات النشر: | ScholarWorks@UNO |
| سنة النشر: | 2018 |
| المجموعة: | The University of New Orleans: ScholarWorks@UNO |
| مصطلحات موضوعية: | Kernel Version Identification, Code Fingerprinting, codeid-elf, memory analysis, derandomizing base address, Information Security |
| الوصف: | In this paper, we present a working research prototype codeid-elf for ELF binaries based on its Windows counterpart codeid, which can identify kernels through relocation entries extracted from the binaries. We show that relocation-based signatures are unique and distinct and thus, can be used to accurately determine Linux kernel versions and derandomize the base address of the kernel in memory (when kernel Address Space Layout Randomization is enabled). We evaluate the effectiveness of codeid-elf on a subset of Linux kernels and find that the relocations in kernel code have nearly 100\% code coverage and low similarity (uniqueness) across various kernels. Finally, we show that codeid-elf, which leverages relocations in kernel code, can detect all kernel versions in the test set with almost 100% page hit rate and nearly zero false negatives. |
| نوع الوثيقة: | text |
| وصف الملف: | application/pdf |
| اللغة: | unknown |
| العلاقة: | https://scholarworks.uno.edu/td/2528Test; https://scholarworks.uno.edu/context/td/article/3727/viewcontent/Thesis_Leveraging_Relocations_Thesis__8_.pdfTest |
| الإتاحة: | https://scholarworks.uno.edu/td/2528Test https://scholarworks.uno.edu/context/td/article/3727/viewcontent/Thesis_Leveraging_Relocations_Thesis__8_.pdfTest |
| حقوق: | http://creativecommons.org/licenses/by-nc/4.0Test/ |
| رقم الانضمام: | edsbas.34EE4679 |
| قاعدة البيانات: | BASE |
| الوصف غير متاح. |