Sunday, October 26, 2014

An OS Kernel Bug in Windows 8.1 32-bit OS When Handling Task Switch Events

I'm not sure if this kernel bug that I reported in last year has been fixed in the latest Win8.1 32bit system. The bug is : any NMI (Non-Maskable Interrupt) can cause system crash/BSOD with BugCheck 7F, {7, *, *, *}. 

Wednesday, October 22, 2014

Security OS Kernel Design: an idea to prevent malicious software overwriting the critical system kernel data structures

Recently, when reading this paper "HyperSafe - A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity", an idea just comes out from my mind: using write protection (CR0.WP) and read-only (RO) page attribute to prevent the critical kernel data structures being overwritten by malicious software through buffer (stack, heap) overflow in an exploitable kernel module.


Control Flow Integrity (CFI)

Traditionally, arbitrary malicious code execution (e.g. caused by buffer overflow, stack or heap manipulation) is one of major threats in computer security. 

But due to the fact that there are many hardware-enforced security features are introduced in recent processors, for example in my previous post, the attackers are starting to explore the other advanced techniques.

Friday, October 17, 2014

Enable UEFI Firmware BIOS and Debug Xen/EFI on VMware Player

Since VMware product (e.g. Player) now supports nested virtualization VT-x/VMX , recently I wanted to use this feature to debug XEN w/ EFI on top of VMware Player. This post details some best practices, and some issues I encountered. 

Thursday, October 16, 2014

Is this a good security design in Linux kernel? -- connections between thread_info and kernel stack

In Linux kernel, thread_info is a small CPU-specific data structure that stores some low-level task data for corresponding process, it also has a pointer to task_struct, which is a processor-independent process control block data structure, e.g. scheduling, virtual memory structures.