POPKORN: Popping Windows Kernel Drivers At Scale


Taesoo Kim, Christopher Kruegel, Giovanni Vigna, Noah Spahn, Rajat Gupta, Lukas Dresel: POPKORN: Popping Windows Kernel Drivers At Scale (2022, ACSAC 2022)

Published on 10 December 2022 by ACSAC 2022.

4 stars (1 review)

External vendors develop a significant percentage of Windows kernel drivers, and Microsoft relies on these vendors to handle all aspects of driver security. Unfortunately, device vendors are not immune to software bugs, which in some cases can be exploited to gain elevated privileges. Testing the security of kernel drivers remains challenging: the lack of source code, the requirement of the presence of a physical device, and the need for a functional kernel execution environment are all factors that can prevent thorough security analysis. As a result, there are no binary analysis tools that can scale and accurately find bugs at the Windows kernel level. To address these challenges, we introduce POPKORN, a lightweight framework that harnesses the power of taint analysis and targeted symbolic execution to automatically find security bugs in Windows kernel drivers at scale. Our system focuses on a class of bugs that affect security-critical Windows API functions …

1 edition

[Included in ThinkstScapes] Automatically finding driver privesc

4 stars

Nice applied research on automatically searching for privesc weaknesses in signed Windows driver binaries. While they found a lot of initial drivers to test, the corpus was slimmed down by the sources and sinks they used to search for. Still managed to find a few dozen new vulnerabilities.