21 research outputs found

    Buscador de 'Gadgets' ROP para la construcción de 'payloads' para ARM (ROP gadget finder for building ARM payloads)

    Since the appearance of the NX (Non eXecutable) protection technique, code injection as a method of executing payloads has been seriously limited. As a consequence, attackers developed new strategies to exploit vulnerabilities in remote processes. One of the most important techniques is ROP (Return Oriented Programming), which allows the attacker to "reorganize" the code of the running process itself in order to execute what the attacker wants. This work addresses the implementation of a program in the C language that, given an ELF executable file for the ARM architecture, locates in it all those code fragments (called gadgets in ROP) that can be used to build a payload. The goal, therefore, is to offer a tool that shows the gadgets available for building payloads, as well as the automation of a specific payload that executes a Linux shell. It puts into practice advanced knowledge of operating systems (function calling conventions), the assembly language of the ARM architecture, the exploitation of programming errors (buffer overflow) and the structure of ELF executable files.

    Vañó García, F. (2015). Buscador de 'Gadgets' ROP para la construcción de 'payloads' para ARM. http://hdl.handle.net/10251/54231 (TFG)

    An Info-Leak Resistant Kernel Randomization

    Given the significance that the cloud paradigm has in modern society, it is extremely important to provide security to users at all levels, especially at the most fundamental ones, since these are the most sensitive and potentially harmful in the event of an attack. However, the cloud computing paradigm brings new challenges in which security mechanisms are weakened or deactivated to improve profitability and exploitation of the available resources. Kernel randomization is an important security mechanism that is currently present in all major operating systems. Function-granular kernel randomization is a new step that aims to be the future of kernel randomization, because it provides much more security than current kernel randomization approaches. Unfortunately, function-granular kernel randomization also significantly impacts the performance and potential benefits of memory deduplication. Both function-granular kernel randomization and memory deduplication are desired and beneficial: the first for the strong protection it gives, and the second for the reduction of costs in terms of memory consumption. In this paper, we analyse the impact of function-granular kernel randomization on memory deduplication, revealing why it cannot offer maximum security and shareability of memory simultaneously. We also discuss the reasons why having fully position-independent kernel code counter-intuitively does not solve the problem, introducing a challenge to kernel randomization designers. To solve these problems, we propose a function-granular kernel randomization modification for cloud systems that enables full function-granular kernel randomization while reducing memory deduplication cancellations to almost zero. The proposed approach forces guest kernels of the same tenant to have the same random memory layout for the memory regions with high impact on deduplication, ensuring a high rate of deduplicated pages while kernel randomization is fully enabled. Our approach enables cloud providers to have both high levels of security and an efficient use of resources.

    Vañó-García, F.; Marco-Gisbert, H. (2020). An Info-Leak Resistant Kernel Randomization. IEEE Access. 8:161612-161629. https://doi.org/10.1109/ACCESS.2020.3019774

    E-BOOT: Preventing Boot-Time Entropy

    Because true randomness cannot be generated by running deterministic algorithms on computers, boot-loaders and operating systems suffer from an insufficient supply of entropy at boot time. This problem remains a challenge and affects all computer systems, including virtualization technologies. Unfortunately, this situation leads to undesired side effects, affecting the security of important kernel components and causing long blocking waits in the start-up of userland processes. For example, SSHD is delayed by up to 4 minutes. In this paper, we analyze the boot-time entropy starvation problem, performing a comprehensive analysis of the Linux kernel boot process and revealing that the problem affects not only userland applications but up to 33 kernel functions at boot time. Those functions are weakly fed with random numbers from a non-initialized CSPRNG. To overcome this problem, we propose E-Boot, a novel technique that provides high-quality random numbers to guest virtual machines. E-Boot is the first technique that completely satisfies the entropy demand of virtualized boot-loaders and operating systems at boot time. We have implemented E-Boot in Linux v5.3 and our experiments show that it effectively solves the boot-time entropy starvation problem. Our proposal successfully feeds bootloaders and boot-time Linux kernel hardening techniques with high-quality random numbers, also reducing the number of userspace blocks and delays to zero. The total time overhead introduced by E-Boot is around 2 μs, with zero memory overhead, since the memory is freed before the kernel boot ends, which makes E-Boot a practical solution for cloud systems.

    Vañó-García, F.; Marco-Gisbert, H. (2020). E-BOOT: Preventing Boot-Time Entropy. IEEE Access. 8:61872-61890. https://doi.org/10.1109/ACCESS.2020.2984414

    KASLR-MT: kernel address space layout randomization for multi-tenant cloud systems

    Cloud computing has completely changed our lives. This technology has dramatically impacted how we play, work and live. It has been widely adopted in many sectors, mainly because it reduces the cost of performing tasks in a flexible, scalable and reliable way. To provide a secure cloud computing architecture, the highest possible level of protection must be applied. Unfortunately, the cloud computing paradigm introduces new scenarios where security protection techniques are weakened or disabled to obtain better performance and resource exploitation. Kernel ASLR (KASLR) is a widely adopted protection technique present in all modern operating systems. KASLR is a very effective technique that thwarts unknown attacks, but unfortunately its randomness has a significant impact on memory deduplication savings. Both techniques are strongly desired by the industry, the first because of the high level of security it provides and the latter to obtain better performance and resource exploitation. In this paper, we propose KASLR-MT, a new Linux kernel randomization approach compatible with memory deduplication. We identify why the most widely used and effective technique to mitigate attacks at kernel level, KASLR, fails to provide protection and shareability at the same time. We analyze the current Linux kernel randomization and how it affects the shared memory of each kernel region. Then, based on the analysis, we propose KASLR-MT, the first effective and practical kernel ASLR memory protection that maximizes the memory deduplication savings rate while providing strong security. Our tests reveal that KASLR-MT is not intrusive, is very scalable and provides strong protection without sacrificing shareability. (C) 2019 Elsevier Inc. All rights reserved.

    Vañó-García, F.; Marco-Gisbert, H. (2020). KASLR-MT: kernel address space layout randomization for multi-tenant cloud systems. Journal of Parallel and Distributed Computing. 137:77-90. https://doi.org/10.1016/j.jpdc.2019.11.008

    Negative screening and sustainable portfolio diversification

    A critical issue for socially responsible investors is the selection of the potential companies to invest in. For retail investors, the easiest and most intuitive option is to apply a negative screening approach to avoid investing in companies with a bad reputation. Along this line, companies involved in scandals over irresponsible activities that have become notorious in the mass media are excluded from the set of potential companies. Implementing this process in a consistent and objective way is not an easy task, especially with worldwide portfolios. Nevertheless, complex databases already exist that offer this sensitive information to investors. This paper describes one of these databases. Furthermore, the problems of implementing such a negative screening methodology are presented, which are mainly related to the proper diversification of the resulting investment portfolios.

    Arribas, I.; Espinós-Vañó, MD.; García García, F.; Tamosiuniene, R. (2019). Negative screening and sustainable portfolio diversification. Entrepreneurship and Sustainability Issues. 6(4):1566-1586. https://doi.org/10.9770/jesi.2019.6.4(2)

    Defining socially responsible companies according to retail investors' preferences

    The impressive growth of the funds managed under socially responsible investment strategies is a phenomenon that has been analysed from different perspectives. One of the main factors determining such investment strategies, perhaps the most important one, is the selection of socially responsible companies, that is, the differentiation between socially responsible and irresponsible companies. Generally, the selection process is performed by applying negative screening or positive screening strategies. Negative screening considers as irresponsible those companies involved in the production of weapons or alcoholic beverages, following religious criteria. The positive screening approach is much more complex and less transparent. Both methodologies have been criticized because they do not prevent companies with clearly irresponsible behaviour from being included in the socially responsible portfolio. Moreover, it is important to stress that the opinion of retail investors, that is, the potential clients of socially responsible financial products, is not considered when defining the concept of "socially responsible company". In this paper we are interested in the opinion of these potential clients regarding negative screening criteria, because we exclude the possibility of retail investors applying complex positive screening approaches. Our results show that compliance with the legislation is a main criterion for potential retail investors. This is an important outcome, as legal compliance is currently not a necessary requisite and non-complying companies are usually included in socially responsible financial products. Regarding negative screening based on the activity sector of the companies, the results are more controversial.

    Arribas, I.; Espinós-Vañó, MD.; García García, F.; Oliver-Muncharaz, J. (2019). Defining socially responsible companies according to retail investors' preferences. Entrepreneurship and Sustainability Issues. 7(2):1641-1653. https://doi.org/10.9770/jesi.2019.7.2(59)

    The difficulty of applying exclusion criteria in ethical portfolios

    A critical aspect of socially responsible investment is the correct selection of the companies to invest in. For a retail investor, the simplest and most intuitive selection method is negative screening, under which the investor avoids investing in companies with a bad reputation. Thus, companies that have been involved in scandals reported in the mainstream media as a consequence of irresponsible activities are excluded from the universe of potential companies. Implementing this procedure on a large scale in a consistent and objective way, analysing a large number of listed companies worldwide, is not simple. Nevertheless, very complete databases already exist that make this information available to investors. This article describes one of these databases and anticipates the problems involved in implementing negative screening in practice with regard to the diversification of investment portfolios.

    Arribas-Fernández, I.; Espinós-Vañó, MD.; García García, F. (2018). Análisis de la dificultad de crear carteras de inversión éticas aplicando criterios de exclusión no sectoriales. Finance, Markets and Valuation. 4(2):41-64. http://hdl.handle.net/10251/122873

    The ethical index FTSE4GOOD IBEX as an alternative for passive portfolio strategies in Spain

    This paper compares the return obtained by two of the most important stock indices in Spain: the conventional index IBEX 35 and the ethical index FTSE4Good Ibex. The aim of the study is to check whether the screening process used to select only socially responsible companies has a negative impact on the return of the ethical index. The results show that this is not the case, as the correlation between both indices is very high. This high correlation is due to the fact that both indices are composed of almost the same companies. This outcome raises the question of what the purpose could be of an ethical index that is so similar to the conventional one, even with regard to the selection of companies.

    Espinós-Vañó, MD.; García García, F.; Oliver-Muncharaz, J. (2018). El índice ético FTSE4GOOD IBEX como alternativa para la gestión pasiva de carteras de inversión en España. Finance, Markets and Valuation. 4(1):117-129. http://hdl.handle.net/10251/122865