Information Leak Detection via Dual Execution of a Script Interpreter

General

Supervisor: Andre Pawlowski

Start: as soon as possible

Duration: 6 months

Further details:

Description

Memory disclosure attacks (information leaks) are in most cases the first step of an exploitation attempt. The attacker reads the contents of a memory address, typically a pointer, in order to learn the memory layout of the target process. With this information, the attacker can bypass protection mechanisms such as ASLR (Address Space Layout Randomization), which only hides the layout, and then exploit the target successfully.

The aim of this thesis is to tackle this problem by implementing dual execution for the Python interpreter, preferably in a web server setting. The concept is as follows: a clone of the interpreter process is created with a differently randomized memory layout. Both interpreter processes receive the same input and therefore execute the same bytecode in the same order, so their script-level state (the values of variables and objects visible to the script) must stay identical. If the script contexts of the two processes diverge, a value depends on the memory layout of the process it was produced in, and a memory disclosure attack has been detected.

The concept is explained in more detail in the following publication: https://www.syssec.rub.de/media/emma/veroeffentlichungen/2016/07/29/detile_info_leak_detection_dimva16.pdf
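The following is an added, simplified illustration of the dual-execution idea and not code from the publication or from the thesis. It starts two fresh CPython processes (each execve() of the interpreter gets its own ASLR layout, unlike a fork(), which would copy the parent's layout), feeds both the same statements one at a time, and after every statement compares a snapshot of the script context, restricted to plain values because the reprs of ordinary objects legitimately contain addresses. The child program, the pipe protocol and the statement lists are assumptions made for this example; a real implementation would synchronize at the bytecode level inside the interpreter rather than at statement granularity.

```python
"""Lockstep dual execution of two CPython interpreters (toy monitor)."""
import json
import subprocess
import sys

# Program run inside each child (constructed for this example). It executes one
# statement per request and answers with a snapshot of its script context.
CHILD = r'''
import json, sys
ns = {}
SCALARS = (int, float, str, bool, type(None))
def snap(v):
    if isinstance(v, SCALARS):
        return v
    if isinstance(v, (list, tuple)):
        return [snap(x) for x in v]
    if isinstance(v, dict):
        return {str(k): snap(x) for k, x in v.items()}
    return "<opaque>"   # repr() of objects contains addresses, so skip them
while True:
    line = sys.stdin.readline()
    if not line:
        break
    try:
        exec(json.loads(line), ns)
        ctx = {k: snap(v) for k, v in ns.items() if not k.startswith("__")}
    except Exception as e:       # report errors instead of dying silently
        ctx = {"__error__": repr(e)}
    sys.stdout.write(json.dumps(ctx, sort_keys=True) + "\n")
    sys.stdout.flush()
'''


class Interpreter:
    """One interpreter process; a fresh execve() yields a fresh ASLR layout."""

    def __init__(self):
        self.proc = subprocess.Popen(
            [sys.executable, "-c", CHILD],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True)

    def step(self, stmt):
        self.proc.stdin.write(json.dumps(stmt) + "\n")
        self.proc.stdin.flush()
        return json.loads(self.proc.stdout.readline())

    def close(self):
        self.proc.stdin.close()
        self.proc.wait()


def diverging_names(ctx_a, ctx_b):
    """Names whose script-level value differs between the two contexts."""
    names = set(ctx_a) | set(ctx_b)
    return sorted(n for n in names if ctx_a.get(n) != ctx_b.get(n))


def dual_execute(statements):
    """Run statements in lockstep in two interpreters.

    Returns None if both script contexts stayed identical after every step,
    otherwise (step_index, diverging_names) for the first divergence.
    """
    a, b = Interpreter(), Interpreter()
    try:
        for i, stmt in enumerate(statements):
            ctx_a, ctx_b = a.step(stmt), b.step(stmt)
            if ctx_a != ctx_b:
                return i, diverging_names(ctx_a, ctx_b)
        return None
    finally:
        a.close()
        b.close()


# Constructed sample scripts: the second stores an object's address (CPython's
# id() is the address) in a script variable, which is what a leak looks like.
BENIGN = ["data = [1, 2, 3]", "total = sum(data)", "msg = 'sum=%d' % total"]
LEAKY = ["o = object()", "leak = id(o)"]

if __name__ == "__main__":
    print("benign:", dual_execute(BENIGN))   # None
    print("leaky: ", dual_execute(LEAKY))    # (1, ['leak']) when ASLR is on
```

Only variables holding plain values are compared; everything else is reduced to an opaque marker. This keeps the demo free of false positives, but it also means a leaked pointer that never reaches a script-visible value is not seen, which is exactly why the thesis has to work at the interpreter level rather than with this kind of external wrapper.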

Tasks that need to be solved include:

  • Familiarize with the Python interpreter
  • Familiarize with the image loading process under Linux
  • Implement a loader that clones the interpreter with a re-randomized memory layout (on Linux, the re-randomization comes for free from the normal loading process: every execve() of a position-independent binary receives a fresh ASLR layout, whereas a fork() would copy the parent's layout)
  • Implement a dual execution engine that monitors and synchronizes both interpreter processes
  • Evaluate the implementation

Prerequisites

  • Good C/C++ programming skills
  • Good knowledge of Linux
  • Some reverse engineering knowledge