Analysis & development of DLL-hijacking attacks in Windows
Γεωργόπουλος, Αναστάσιος - Δημήτριος
Λέξεις κλειδιάWindows (Computer operating systems) ; Microsoft security mechanism ; DLL (Dynamic-link library)
At runtime execution, the operating system loads data and information from auxiliary components so called libraries in order to complete its full functionality. For more flexibility, Microsoft has implemented the use of DLLs (Dynamic-link libraries) which can be loaded in memory dynamically serving several different applications with one component. Despite this helpful property, the DLLs have an embedded disadvantage: as their call can be done by name, the possibility for a malicious DLL to be loaded instead of the genuine one, it is really high if it is placed at the right directory. In particular, dynamic loading can be hijacked by placing an arbitrary file with the specified name in a directory searched before resolving the target component. In this master thesis, we analyze some of most popular applications as far as DLL loadings are concerned, we present a user interface for easily detecting DLL unsafe loadings and we conclude with their vulnerability to several kinds of attacks. Finally, we suggest a list of programming and system administration rules that are based on our analyses in order to improve the overall security of Windows operating systems.