[1] Chen Y, Xing X. Slake: Facilitating slab manipulation for
exploiting vulnerabilities in the linux
kernel[C]//Proceedings of the 2019 ACM SIGSAC
Conference on Computer and Communications Security.
2019: 1707-1722.
[2] 刘剑, 苏璞睿, 杨珉, 等.软件与网络安全研究综述[J].
软件学报,2018,29(1):42-68
(Liu J, Su PR, Yang M, et al. Software and cyber
security—A survey[J]. Ruan Jian Xue Bao/Journal of
Software, 2018,29(1):42-68.)
[3] Kemerlis V P, Polychronakis M, Keromytis A D. Ret2dir:
rethinking kernel isolation[C]//23rd USENIX Security
Symposium (USENIX Security 14). 2014: 957-972.
[4] M. Jurczyk, G. Coldwind. Smep: What is it, and How to
Beat it on Windows[EB/OL]. [2023-11-03].
https://j00ru.vexillium.org/2011/06/smep-what-is-it-and-h
ow-to-beat-it-on-windows/.
[5] WIKIVERSITY. Supervisor Mode Access
Prevention[EB/OL]. [2023-11-03].
https://en.wikipedia.org/wiki/Supervisor_Mode_Access_P
revention.
[6] Kemerlis V P, Portokalidis G, Keromytis A D. kGuard:
lightweight kernel protection against return-to-user
attacks[C]//21st USENIX Security Symposium (USENIX
Security 12). 2012: 459-474.
[7] Xu W, Li J, Shu J, et al. From collision to exploitation:
unleashing use-after-free vulnerabilities in linux
kernel[C]//Proceedings of the 22nd ACM SIGSAC
Conference on Computer and Communications Security.
2015: 414-425.
[8] Lin Z, Wu Y, Xing X. Dirtycred: escalating privilege in
linux kernel[C]//Proceedings of the 2022 ACM SIGSAC
Conference on Computer and Communications Security.
2022: 1963-1976.
[9] Avgerinos T, Cha S K, Rebert A, et al. Automatic exploit
generation[J]. Communications of the ACM, 2014, 57(2):
74-84.
[10] 赵尚儒, 李学俊, 方越, 等. 安全漏洞自动利用综述[J].
计算机研究与发展, 2019, 56(10): 2097-2111.
(Zhao Shangru, Li Xuejun, Fang Yue, et al. A Survey on
Automated Exploit Generation[J]. Journal of Computer
Research and Development, 2019, 56(10): 2097-2111.)
[11] 冯光升, 张熠哲, 孙嘉钰, 等. 计算机系统漏洞自动化
利用研究关键技术及进展[J]. 信息网络安全, 2022,
22(3): 39-52.
(Feng Guangsheng, Zhang Yizhe, Sun Jiayu, et al. Key
Technologies and Advances in the Research on Automated
Exploitation of Computer System Vulnerabilities[J].
Netinfo Security, 2022, 22(3): 39-52.)
[12] 张利群, 潘祖烈, 黄晖, 等. 基于符号执行的 Tcache
Poisoning 堆漏洞自动验证方法研究[J]. 计算机工程,
2023, 49(6): 24-33.
(Zhang Liqun, Pan Zulie, Huang Hui, et al. Research on
Automatic Verification Method of Tcache Poisoning Heap
Vulnerability Based on Symbolic Execution[J]. Computer
Engineering, 2023, 49(6): 24-33.)
[13] Wu W, Chen Y, Xu J, et al. Fuze: towards facilitating
exploit generation for kernel use-after-freevulnerabilities[C]//27th USENIX Security Symposium
(USENIX Security 18). 2018: 781-797.
[14] Chen W, Zou X, Li G, et al. Koobe: towards facilitating
exploit generation of kernel out-of-bounds write
vulnerabilities[C]//29th USENIX Security Symposium
(USENIX Security 20). 2020: 1093-1110.
[15] Lu K, Walter M T, Pfaff D, et al. Unleashing
use-before-initialization vulnerabilities in the linux kernel
using targeted stack spraying[C]//NDSS. 2017.
[16] Cho H, Park J, Kang J, et al. Exploiting uses of
uninitialized stack variables in linux kernels to leak kernel
pointers[C]//14th USENIX Workshop on Offensive
Technologies (WOOT 20). 2020.
[17] Liu D, Wang P, Zhou X, et al. Erace: toward facilitating
exploit generation for kernel race vulnerabilities[J].
Applied Sciences, 2022, 12(23): 11925.
[18] Lee Y, Min C, Lee B. Exprace: exploiting kernel races
through raising interrupts[C]//30th USENIX Security
Symposium (USENIX Security 21). 2021: 2363-2380.
[19] Lin Z, Chen Y, Wu Y, et al. Grebe: unveiling exploitation
potential for linux kernel bugs[C]//2022 IEEE Symposium
on Security and Privacy (SP). IEEE, 2022: 2078-2095.
[20] Zou X, Li G, Chen W, et al. Syzscope: revealing high-risk
security impacts of fuzzer-exposed bugs in linux
kernel[C]//31st USENIX Security Symposium (USENIX
Security 22). 2022: 3201-3217.
[21] Wu W, Chen Y, Xing X, et al. {KEPLER}: Facilitating
control-flow hijacking primitive evaluation for Linux
kernel vulnerabilities[C]//28th USENIX Security
Symposium (USENIX Security 19). 2019: 1187-1204.
[22] Zeng K, Chen Y, Cho H, et al. Playing for K (H) eaps:
understanding and improving linux kernel exploit
reliability[C]//31st USENIX Security Symposium
(USENIX Security 22). 2022: 71-88.
[23] Lee Y, Kwak J, Kang J, et al. Pspray: timing side-channel
based linux kernel heap exploitation technique[C]//32nd
USENIX Security Symposium (USENIX Security 23).
2023: 6825-6842.
[24] Chen Y, Lin Z, Xing X. A systematic study of elastic
objects in kernel exploitation[C]//Proceedings of the 2020
ACM SIGSAC Conference on Computer and
Communications Security. 2020: 1165-1184.
[25] Liu D, Wang P, Zhou X, et al. From release to rebirth:
exploiting thanos objects in linux kernel[J]. IEEE
Transactions on Information Forensics and Security, 2022,
18: 533-548.
[26] Lattner C, Adve V. LLVM: A compilation framework for
lifelong program analysis &
transformation[C]//International symposium on code
generation and optimization, 2004. CGO 2004. IEEE,
2004: 75-86.
[27] Vyukov D. Syzkaller: an unsupervised, coverage-guide
d kernel fuzzer[EB/OL]. [2023-11-03]. https://github.c
om/google/syzkaller.
[28] Tan X, Zhang Y, Lu J, et al. Syzdirect: directed greybox
fuzzing for linux kernel[C]//Proceedings of the 2023
ACM SIGSAC Conference on Computer and
Communications Security. 2023: 1630-1644.
[29] Lu K, Hu H. Where does it go? refining indirect-call
targets with multi-layer type analysis[C]//Proceedings of
the 2019 ACM SIGSAC Conference on Computer and
Communications Security. 2019: 1867-1881.
[30] SECURITY O. Exploit database[EB/OL]. [2023-11-03].
https://www.exploit-db.com/.
[31] Jiang Z, Zhang Y, Xu J, et al. Aem: facilitating
cross-version exploitability assessment of linux kernel
vulnerabilities[C]//2023 IEEE Symposium on Security
and Privacy (SP). IEEE, 2023: 2122-2137.
[32] National Vulnerability Database. CVE-2018-6555[EB/O
L]. [2023-11-03]. https://nvd.nist.gov/vuln/detail/CVE-2
018-6555.
|